Re: [PATCH] cgroup-v1: Require capabilities to set release_agent (backport to v4.12)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 08, 2022 at 07:24:02PM +0100, Michal Koutný wrote:
> From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> 
> The cgroup release_agent is called with call_usermodehelper.  The function
> call_usermodehelper starts the release_agent with a full set fo capabilities.
> Therefore require capabilities when setting the release_agaent.
> 
> [ Upstream commit 24f6008564183aa120d07c03d9289519c2fe02af ]
> 
> Reported-by: Tabitha Sable <tabitha.c.sable@xxxxxxxxx>
> Tested-by: Tabitha Sable <tabitha.c.sable@xxxxxxxxx>
> Fixes: 81a6a5cdd2c5 ("Task Control Groups: automatic userspace notification of idle cgroups")
> Cc: stable@xxxxxxxxxxxxxxx # v2.6.24+
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
> [mkoutny: Adjust for pre-fs_context, duplicate mount/remount check, drop log messages.]
> Acked-by: Michal Koutný <mkoutny@xxxxxxxx>
> ---
> 
> Hello,
> FWIW, I'm sharing v4.12 backport of the aforementioned patch (v4.12 is not
> actual stable but someone may find it useful).

What about 4.19 and 4.14 versions?  Those would be useful :)

thanks,

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux