| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1317382585-12172-5-git-send-email-wpk@culm.net>
Date: Fri, 30 Sep 2011 13:36:23 +0200
From: Witold Krecicki <wpk@...m.net>
To: Paul Menage <paul@...lmenage.org>, Li Zefan <lizf@...fujitsu.com>,
containers@...ts.linux-foundation.org
Cc: linux-kernel@...r.kernel.org, Witold Krecicki <wpk@...m.net>
Subject: [PATCH 4/6] cgroup: disallow task from leaving cgroup isolated root
This patch makes it impossible for a task to exit cgroup isolated
root environment.
Signed-off-by: Witold Krecicki <wpk@...m.net>
---
kernel/cgroup.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index f9b4bdf..c3fee33 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1850,13 +1850,17 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
{
int retval;
struct cgroup_subsys *ss, *failed_ss = NULL;
- struct cgroup *oldcgrp;
+ struct cgroup *oldcgrp, *isol_root;
struct cgroupfs_root *root = cgrp->root;
/* Nothing to do if the task is already in that cgroup */
oldcgrp = task_cgroup_from_root(tsk, root);
if (cgrp == oldcgrp)
return 0;
+ /* We need to check if the new cgrp is inside the isolation root */
+ isol_root = cgroup_get_isolation_root(oldcgrp);
+ if (isol_root && !cgroup_is_descendant(cgrp, isol_root))
+ return -EBUSY;
for_each_subsys(root, ss) {
if (ss->can_attach) {
--
1.7.4.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists