Hello,

On traditional hierarchies, if a task has write access to the "tasks" or
"cgroup.procs" file of a cgroup and its euid agrees with the target, it
can move the target to the cgroup; however, this allows a delegatee to
smuggle processes across disjoint sub-hierarchies, violating the
organizational structure and resource restrictions imposed from higher
up.

To prevent these breaches, this patchset makes the unified hierarchy
require write access to cgroup.procs of the common ancestor of the
source and destination cgroups. It also adds documentation on how
delegation of sub-hierarchies should be done on the unified hierarchy.

This patchset contains the following four patches.

 0001-kernfs-make-kernfs_get_inode-public.patch
 0002-cgroup-separate-out-cgroup_procs_write_permission-fr.patch
 0003-cgroup-require-write-perm-on-common-ancestor-when-mo.patch
 0004-cgroup-add-delegation-section-to-unified-hierarchy-d.patch

0001-0002 are prep patches. 0003 implements the common ancestor rule
and 0004 documents delegation on the unified hierarchy.

This patchset is on top of cgroup/for-4.2 4d205676c102 ("MAINTAINERS:
add a cgroup core co-maintainer") and available in the following git
branch.

 git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git review-cgroup-delegation

diffstat follows. Thanks.

 Documentation/cgroups/unified-hierarchy.txt | 102 +++++++++++++++++++++++-----
 fs/kernfs/kernfs-internal.h                 |   1
 include/linux/cgroup-defs.h                 |   1
 include/linux/kernfs.h                      |   5 +
 kernel/cgroup.c                             |  64 +++++++++++++----
 5 files changed, 139 insertions(+), 34 deletions(-)

--
tejun
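The following is an added model of the two migration rules the cover letter contrasts, not code from the patchset or the kernel. It builds a constructed hierarchy in which uid 1000 has been delegated two disjoint subtrees, /A and /B, and shows that the traditional "write access to the destination's cgroup.procs" rule lets that delegatee move a task from A/x to B/y, while the common ancestor rule from patch 0003 refuses it because the common ancestor is the root, whose cgroup.procs only uid 0 may write. The euid-agreement check on the target task is left out to keep the focus on the file-permission rule.

```python
# Model of the cgroup migration permission rules; constructed example, not kernel code.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Cgroup:
    name: str
    parent: Optional["Cgroup"] = None
    procs_writers: frozenset = frozenset()  # uids with write access to this cgroup's cgroup.procs

    def ancestors(self):
        """Yield self, parent, grandparent, ... up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent


def common_ancestor(a: Cgroup, b: Cgroup) -> Cgroup:
    """Nearest cgroup that is an ancestor (or self) of both a and b."""
    on_a_path = {id(n) for n in a.ancestors()}
    for n in b.ancestors():
        if id(n) in on_a_path:
            return n
    raise ValueError("cgroups are not in the same hierarchy")


def can_write_procs(cg: Cgroup, uid: int) -> bool:
    return uid == 0 or uid in cg.procs_writers  # root bypasses DAC, as in the kernel


def may_migrate_v1(uid: int, src: Cgroup, dst: Cgroup) -> bool:
    """Traditional hierarchy: write access to the destination's cgroup.procs suffices."""
    return can_write_procs(dst, uid)


def may_migrate_v2(uid: int, src: Cgroup, dst: Cgroup) -> bool:
    """Unified hierarchy with the common ancestor rule: the writer must also be able to
    write cgroup.procs of the common ancestor of source and destination."""
    return can_write_procs(dst, uid) and can_write_procs(common_ancestor(src, dst), uid)


def build_hierarchy() -> dict:
    """Constructed layout: root owned by uid 0; /A and /B each delegated to uid 1000."""
    root = Cgroup("/")
    a = Cgroup("A", root, frozenset({1000}))
    b = Cgroup("B", root, frozenset({1000}))
    return {"root": root, "A": a, "B": b,
            "A/x": Cgroup("A/x", a, frozenset({1000})),
            "A/y": Cgroup("A/y", a, frozenset({1000})),
            "B/y": Cgroup("B/y", b, frozenset({1000}))}
```

Moving A/x to A/y is allowed under both rules (the common ancestor A is delegated to uid 1000); moving A/x to B/y passes the v1 check but fails the v2 check, which is exactly the smuggling the patchset closes.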