forked from Minki/linux
cgroup: clarify cgroup_css_set_fork()
With recent fixes for the permission checking when moving a task into a cgroup using a file descriptor to a cgroup's cgroup.procs file and calling write() it seems a good idea to clarify CLONE_INTO_CGROUP permission checking with a comment. Cc: Tejun Heo <tj@kernel.org> Cc: <cgroups@vger.kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Tejun Heo <tj@kernel.org>
This commit is contained in:
parent
05c7b7a92c
commit
6d3971dab2
@ -6161,6 +6161,20 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
|
||||
if (ret)
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* Spawning a task directly into a cgroup works by passing a file
|
||||
* descriptor to the target cgroup directory. This can even be an O_PATH
|
||||
* file descriptor. But it can never be a cgroup.procs file descriptor.
|
||||
* This was done on purpose so spawning into a cgroup could be
|
||||
* conceptualized as an atomic
|
||||
*
|
||||
* fd = openat(dfd_cgroup, "cgroup.procs", ...);
|
||||
* write(fd, <child-pid>, ...);
|
||||
*
|
||||
* sequence, i.e. it's a shorthand for the caller opening and writing
|
||||
* cgroup.procs of the cgroup indicated by @dfd_cgroup. This allows us
|
||||
* to always use the caller's credentials.
|
||||
*/
|
||||
ret = cgroup_attach_permissions(cset->dfl_cgrp, dst_cgrp, sb,
|
||||
!(kargs->flags & CLONE_THREAD),
|
||||
current->nsproxy->cgroup_ns);
|
||||
|
Loading…
Reference in New Issue
Block a user