diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-28 14:43:54 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-28 14:43:54 -0500 |
| commit | bb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch) | |
| tree | c7867af2bb4ff0feae889183efcd4d79b0f9a325 /kernel/cgroup.c | |
| parent | e14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff) | |
| parent | cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits)
SELinux: don't check permissions for kernel mounts
security: pass mount flags to security_sb_kern_mount()
SELinux: correctly detect proc filesystems of the form "proc/foo"
Audit: Log TIOCSTI
user namespaces: document CFS behavior
user namespaces: require cap_set{ug}id for CLONE_NEWUSER
user namespaces: let user_ns be cloned with fairsched
CRED: fix sparse warnings
User namespaces: use the current_user_ns() macro
User namespaces: set of cleanups (v2)
nfsctl: add headers for credentials
coda: fix creds reference
capabilities: define get_vfs_caps_from_disk when file caps are not enabled
CRED: Allow kernel services to override LSM settings for task actions
CRED: Add a kernel_service object class to SELinux
CRED: Differentiate objective and effective subjective credentials on a task
CRED: Documentation
CRED: Use creds in file structs
CRED: Prettify commoncap.c
CRED: Make execve() take advantage of copy-on-write credentials
...
Diffstat (limited to 'kernel/cgroup.c')
| -rw-r--r-- | kernel/cgroup.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 2606d0fb4e54..48348dde6d81 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c | |||
| @@ -571,8 +571,8 @@ static struct inode *cgroup_new_inode(mode_t mode, struct super_block *sb) | |||
| 571 | 571 | ||
| 572 | if (inode) { | 572 | if (inode) { |
| 573 | inode->i_mode = mode; | 573 | inode->i_mode = mode; |
| 574 | inode->i_uid = current->fsuid; | 574 | inode->i_uid = current_fsuid(); |
| 575 | inode->i_gid = current->fsgid; | 575 | inode->i_gid = current_fsgid(); |
| 576 | inode->i_blocks = 0; | 576 | inode->i_blocks = 0; |
| 577 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 577 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
| 578 | inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info; | 578 | inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info; |
| @@ -1280,6 +1280,7 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk) | |||
| 1280 | static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) | 1280 | static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) |
| 1281 | { | 1281 | { |
| 1282 | struct task_struct *tsk; | 1282 | struct task_struct *tsk; |
| 1283 | const struct cred *cred = current_cred(), *tcred; | ||
| 1283 | int ret; | 1284 | int ret; |
| 1284 | 1285 | ||
| 1285 | if (pid) { | 1286 | if (pid) { |
| @@ -1289,14 +1290,16 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) | |||
| 1289 | rcu_read_unlock(); | 1290 | rcu_read_unlock(); |
| 1290 | return -ESRCH; | 1291 | return -ESRCH; |
| 1291 | } | 1292 | } |
| 1292 | get_task_struct(tsk); | ||
| 1293 | rcu_read_unlock(); | ||
| 1294 | 1293 | ||
| 1295 | if ((current->euid) && (current->euid != tsk->uid) | 1294 | tcred = __task_cred(tsk); |
| 1296 | && (current->euid != tsk->suid)) { | 1295 | if (cred->euid && |
| 1297 | put_task_struct(tsk); | 1296 | cred->euid != tcred->uid && |
| 1297 | cred->euid != tcred->suid) { | ||
| 1298 | rcu_read_unlock(); | ||
| 1298 | return -EACCES; | 1299 | return -EACCES; |
| 1299 | } | 1300 | } |
| 1301 | get_task_struct(tsk); | ||
| 1302 | rcu_read_unlock(); | ||
| 1300 | } else { | 1303 | } else { |
| 1301 | tsk = current; | 1304 | tsk = current; |
| 1302 | get_task_struct(tsk); | 1305 | get_task_struct(tsk); |