cgroup: Add generic cgroup subsystem permission checks.

Rather than using explicit euid == 0 checks when trying to move tasks into a cgroup via CFS, move permission checks into each specific cgroup subsystem. If a subsystem does not specify a 'can_attach' handler, then we fall back to doing our checks the old way. This way non-root processes can add arbitrary processes to a cgroup if all the registered subsystems on that cgroup agree. Also change explicit euid == 0 check to CAP_SYS_ADMIN Signed-off-by: San Mehat <san@google.com>
author: San Mehat <san@google.com> 2009-05-21 14:10:06 -0700
committer: Dan Willemsen <dwillemsen@nvidia.com> 2011-11-30 21:38:10 -0800
commit: e84e563ae2ed297d5d35d8da3b7302384ff6c7da (patch)
tree: 5fa760f95deef258d1158228b5c2f5855824c0eb /kernel/cgroup.c
parent: bc4169bdee5099056af585ccecb8f3639f5e212c (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 1d2b6ceea95d..e06035aa3038 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -60,6 +60,7 @@
 #include <linux/eventfd.h>
 #include <linux/poll.h>
 #include <linux/flex_array.h> /* used in cgroup_attach_proc */
+#include <linux/capability.h>
 
 #include <linux/atomic.h>
 
@@ -1842,6 +1843,15 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
 				failed_ss = ss;
 				goto out;
 			}
+		} else if (!capable(CAP_SYS_ADMIN)) {
+			const struct cred *cred = current_cred(), *tcred;
+
+			/* No can_attach() - check perms generically */
+			tcred = __task_cred(tsk);
+			if (cred->euid != tcred->uid &&
+			    cred->euid != tcred->suid) {
+				return -EACCES;
+			}
 		}
 		if (ss->can_attach_task) {
 			retval = ss->can_attach_task(cgrp, tsk);
author	San Mehat <san@google.com>	2009-05-21 14:10:06 -0700
committer	Dan Willemsen <dwillemsen@nvidia.com>	2011-11-30 21:38:10 -0800
commit	e84e563ae2ed297d5d35d8da3b7302384ff6c7da (patch)
tree	5fa760f95deef258d1158228b5c2f5855824c0eb /kernel/cgroup.c
parent	bc4169bdee5099056af585ccecb8f3639f5e212c (diff)