| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200120144627.2ttqolx3md6vyfew@wittgenstein>
Date: Mon, 20 Jan 2020 15:46:28 +0100
From: Christian Brauner <christian.brauner@...ntu.com>
To: Oleg Nesterov <oleg@...hat.com>
Cc: linux-api@...r.kernel.org, linux-kernel@...r.kernel.org,
Tejun Heo <tj@...nel.org>, Li Zefan <lizefan@...wei.com>,
Johannes Weiner <hannes@...xchg.org>, cgroups@...r.kernel.org
Subject: Re: [PATCH v4 1/6] cgroup: unify attach permission checking
On Mon, Jan 20, 2020 at 03:42:45PM +0100, Oleg Nesterov wrote:
> I guess I am totally confused, but...
>
> On 01/17, Christian Brauner wrote:
> >
> > +static inline bool cgroup_same_domain(const struct cgroup *src_cgrp,
> > + const struct cgroup *dst_cgrp)
> > +{
> > + return src_cgrp->dom_cgrp == dst_cgrp->dom_cgrp;
> > +}
> > +
> > +static int cgroup_attach_permissions(struct cgroup *src_cgrp,
> > + struct cgroup *dst_cgrp,
> > + struct super_block *sb, bool thread)
> > +{
> > + int ret = 0;
> > +
> > + ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb);
> > + if (ret)
> > + return ret;
> > +
> > + ret = cgroup_migrate_vet_dst(dst_cgrp);
> > + if (ret)
> > + return ret;
> > +
> > + if (thread &&
> > + !cgroup_same_domain(src_cgrp->dom_cgrp, dst_cgrp->dom_cgrp))
> ^^^^^^^^^^ ^^^^^^^^^^
>
> cgroup_same_domain(src_cgrp, dst_cgrp)
>
> no?
>
> And given that cgroup_same_domain() has no other users, perhaps it can
> simply check
>
> src_cgrp->dom_cgrp != dst_cgrp->dom_cgrp
Yeah, I just added it because the helper is very descriptive given its
name. Maybe too descriptive given my braino.
I'll just remove it in favor of this check and give it a small comment.
Thanks!
Christian
Powered by blists - more mailing lists