From: Gowrishankar M <gomuthuk@xxxxxxxxxxxxxxxxxx>
At present we scan all processes in init namespace, while getting or setting
process priorities for a user. Incase of PID namespace, it leads to leak
priority to processes in other namespace.
Below patch proposes to use new macro controller to fix the boundary of
processes list in current namespace.
Signed-off-by: Gowrishankar M <gowrishankar.m@xxxxxxxxxxxxxxxxxx>
---
kernel/sys.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/sys.c b/kernel/sys.c
index 31deba8..50973de 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -181,7 +181,7 @@ asmlinkage long sys_setpriority(int which, int who, int niceval)
if ((who != current->uid) && !(user = find_user(who)))
goto out_unlock; /* No processes for this user */
- do_each_thread(g, p)
+ do_each_thread_in_ns(g, p, current->nsproxy->pid_ns)
if (p->uid == who)
error = set_one_prio(p, niceval, error);
while_each_thread(g, p);
@@ -243,7 +243,7 @@ asmlinkage long sys_getpriority(int which, int who)
if ((who != current->uid) && !(user = find_user(who)))
goto out_unlock; /* No processes for this user */
- do_each_thread(g, p)
+ do_each_thread_in_ns(g, p, current->nsproxy->pid_ns)
if (p->uid == who) {
niceval = 20 - task_nice(p);
if (niceval > retval)
--
1.5.5.1
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
