From: Gowrishankar M <gomuthuk@xxxxxxxxxxxxxxxxxx> At present we scan all processes in init namespace, while getting or setting process priorities for a user. In case of PID namespace, it leads to leaking priority to processes in other namespaces. Below patch proposes to use new macro controller to fix the boundary of processes list in current namespace. Signed-off-by: Gowrishankar M <gowrishankar.m@xxxxxxxxxxxxxxxxxx> --- kernel/sys.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index 31deba8..50973de 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -181,7 +181,7 @@ asmlinkage long sys_setpriority(int which, int who, int niceval) if ((who != current->uid) && !(user = find_user(who))) goto out_unlock; /* No processes for this user */ - do_each_thread(g, p) + do_each_thread_in_ns(g, p, current->nsproxy->pid_ns) if (p->uid == who) error = set_one_prio(p, niceval, error); while_each_thread(g, p); @@ -243,7 +243,7 @@ asmlinkage long sys_getpriority(int which, int who) if ((who != current->uid) && !(user = find_user(who))) goto out_unlock; /* No processes for this user */ - do_each_thread(g, p) + do_each_thread_in_ns(g, p, current->nsproxy->pid_ns) if (p->uid == who) { niceval = 20 - task_nice(p); if (niceval > retval) -- 1.5.5.1
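Review bot: in both hunks (the per-user loops in sys_setpriority and sys_getpriority) the new `do_each_thread_in_ns(g, p, current->nsproxy->pid_ns)` is not defined anywhere in this patch, whose diffstat touches only kernel/sys.c, so the changelog should name the patch that introduces the macro and this one should be ordered after it in the series. Both loops are still closed by the unchanged `while_each_thread(g, p);`, so the new macro has to expand to a form that pairs with it and has to skip tasks outside the namespace rather than end the walk at the first one; a comment at the macro's definition stating that contract would let these call sites be checked. For the sys_setpriority hunk the changelog's "leak" understates the effect: as the removed line shows, `set_one_prio(p, niceval, error)` was applied to every task with a matching uid regardless of namespace, which is a cross-namespace write, while the sys_getpriority hunk is the read side. The description should state both so the isolation impact is clear to anyone triaging the fix.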