| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200120144244.GD30403@redhat.com>
Date: Mon, 20 Jan 2020 15:42:45 +0100
From: Oleg Nesterov <oleg@...hat.com>
To: Christian Brauner <christian.brauner@...ntu.com>
Cc: linux-api@...r.kernel.org, linux-kernel@...r.kernel.org,
Tejun Heo <tj@...nel.org>, Li Zefan <lizefan@...wei.com>,
Johannes Weiner <hannes@...xchg.org>, cgroups@...r.kernel.org
Subject: Re: [PATCH v4 1/6] cgroup: unify attach permission checking
I guess I am totally confused, but...
On 01/17, Christian Brauner wrote:
>
> +static inline bool cgroup_same_domain(const struct cgroup *src_cgrp,
> + const struct cgroup *dst_cgrp)
> +{
> + return src_cgrp->dom_cgrp == dst_cgrp->dom_cgrp;
> +}
> +
> +static int cgroup_attach_permissions(struct cgroup *src_cgrp,
> + struct cgroup *dst_cgrp,
> + struct super_block *sb, bool thread)
> +{
> + int ret = 0;
> +
> + ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb);
> + if (ret)
> + return ret;
> +
> + ret = cgroup_migrate_vet_dst(dst_cgrp);
> + if (ret)
> + return ret;
> +
> + if (thread &&
> + !cgroup_same_domain(src_cgrp->dom_cgrp, dst_cgrp->dom_cgrp))
^^^^^^^^^^ ^^^^^^^^^^
cgroup_same_domain(src_cgrp, dst_cgrp)
no?
And given that cgroup_same_domain() has no other users, perhaps it can
simply check
src_cgrp->dom_cgrp != dst_cgrp->dom_cgrp
?
Oleg.
Powered by blists - more mailing lists