Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> Gowrishankar M <gowrishankar.m@xxxxxxxxxxxxxxxxxx> writes:
>
> > From: Gowrishankar M <gomuthuk@xxxxxxxxxxxxxxxxxx>
> >
> > At present we scan all processes in init namespace, while getting or setting
> > process priorities for a user. In case of PID namespace, it leads to leak
> > priority to processes in other namespace.
> >
> > Below patch proposes to use new macro controller to fix the boundary of
> > processes list in current namespace.
>
> Nacked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>
> This has nothing to do with pids. The command is to set the
> iopriority for a given user. This is a problem of the user namespace
> not the pid namespace.

The uid check needs to be fixed for user namespaces, agreed.

I could go either way though on whether we should also restrict
to the same pidns.

(note to fix the userns part of this added to my userns queue -
first I want to finish with keys; then maybe this should be
done before handling capabilities)

So if you want to nack this, I'll go along with that, but I think
it's useful.

thanks,
-serge