cgroup: Add generic cgroup subsystem permission checks.
Rather than using explicit euid == 0 checks when trying to move
tasks into a cgroup via CFS, move permission checks into each
specific cgroup subsystem. If a subsystem does not specify a
'can_attach' handler, then we fall back to doing our checks the old way.
This way non-root processes can add arbitrary processes to
a cgroup if all the registered subsystems on that cgroup agree.
Also change explicit euid == 0 check to CAP_SYS_ADMIN
Signed-off-by: San Mehat <san@google.com>
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 2731d11..129b47f 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -58,6 +58,7 @@
#include <linux/eventfd.h>
#include <linux/poll.h>
#include <linux/flex_array.h> /* used in cgroup_attach_proc */
+#include <linux/capability.h>
#include <asm/atomic.h>
@@ -1839,6 +1840,15 @@
failed_ss = ss;
goto out;
}
+ } else if (!capable(CAP_SYS_ADMIN)) {
+ const struct cred *cred = current_cred(), *tcred;
+
+ /* No can_attach() - check perms generically */
+ tcred = __task_cred(tsk);
+ if (cred->euid != tcred->uid &&
+ cred->euid != tcred->suid) {
+ return -EACCES;
+ }
}
if (ss->can_attach_task) {
retval = ss->can_attach_task(cgrp, tsk);