> /** > - * cgroup_is_descendant - see if @cgrp is a descendant of current task's cgrp > + * cgroup_is_descendant - see if @cgrp is a descendant of @task's cgrp > * @cgrp: the cgroup in question > + * @task: the task in question > + * @subsys_id: cgroup subsystem id used to determine hierarchy; if negative, > + * use get_first_subsys() The last argument is redundant. [...] > - orig = task_cgroup(task, ns_subsys_id); > - if (orig && orig != new_cgroup->parent) > + if (!cgroup_is_descendant(new_cgroup, task, ns_subsys_id)) It makes no difference with: if (!cgroup_is_descendant(new_cgroup, task, -1)) That's why we don't need argument 'subsys_id'. > return -EPERM; > > return 0; > @@ -78,7 +75,7 @@ static struct cgroup_subsys_state *ns_create(struct cgroup_subsys *ss, > > if (!capable(CAP_SYS_ADMIN)) > return ERR_PTR(-EPERM); > - if (!cgroup_is_descendant(cgroup)) > + if (!cgroup_is_descendant(cgroup, current, -1)) > return ERR_PTR(-EPERM); > > ns_cgroup = kzalloc(sizeof(*ns_cgroup), GFP_KERNEL); _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers