diff options
Diffstat (limited to 'kernel/cgroup.c')
| -rw-r--r-- | kernel/cgroup.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 1d2b6ceea95d..e06035aa3038 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -60,6 +60,7 @@ #include <linux/eventfd.h> #include <linux/poll.h> #include <linux/flex_array.h> /* used in cgroup_attach_proc */ +#include <linux/capability.h> #include <linux/atomic.h> @@ -1842,6 +1843,15 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk) failed_ss = ss; goto out; } + } else if (!capable(CAP_SYS_ADMIN)) { + const struct cred *cred = current_cred(), *tcred; + + /* No can_attach() - check perms generically */ + tcred = __task_cred(tsk); + if (cred->euid != tcred->uid && + cred->euid != tcred->suid) { + return -EACCES; + } } if (ss->can_attach_task) { retval = ss->can_attach_task(cgrp, tsk); |