* [PATCH] cgroup: clarify cgroup_css_set_fork()
@ 2022-02-21 15:16 Christian Brauner
[not found] ` <20220221151639.3828143-1-brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
0 siblings, 1 reply; 2+ messages in thread
From: Christian Brauner @ 2022-02-21 15:16 UTC (permalink / raw)
To: Tejun Heo; +Cc: cgroups-u79uwXL29TY76Z2rM5mHXA, Christian Brauner
With recent fixes for the permission checking when moving a task into a cgroup
using a file descriptor to a cgroup's cgroup.procs file and calling write() it
seems a good idea to clarify CLONE_INTO_CGROUP permission checking with a
comment.
Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Signed-off-by: Christian Brauner <brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
---
kernel/cgroup/cgroup.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 9d05c3ca2d5e..0f8bd120be17 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6166,6 +6166,18 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
if (ret)
goto err;
+ /*
+ * Note, spawning a task directly into a cgroup works by passing a file
+ * descriptor to the target cgroup directory. This can even be an
+ * O_PATH file descriptor. But it can never be a cgroup.procs file
+ * descriptor. This was done on purpose so spawning into a cgroup could
+ * be conceptualized as an atomic
+ * fd = openat(dfd_cgroup, "cgroup.procs", ...);
+ * write(fd, <child-pid>, ...);
+ * sequence, i.e. it's a shorthand for the caller opening and writing
+ * cgroup.procs of the cgroup indicated by @dfd_cgroup. This allows
+ * us to always use the caller's credentials.
+ */
ret = cgroup_attach_permissions(cset->dfl_cgrp, dst_cgrp, sb,
!(kargs->flags & CLONE_THREAD),
current->nsproxy->cgroup_ns);
base-commit: cfb92440ee71adcc2105b0890bb01ac3cddb8507
--
2.32.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] cgroup: clarify cgroup_css_set_fork()
[not found] ` <20220221151639.3828143-1-brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
@ 2022-02-22 17:39 ` Tejun Heo
0 siblings, 0 replies; 2+ messages in thread
From: Tejun Heo @ 2022-02-22 17:39 UTC (permalink / raw)
To: Christian Brauner; +Cc: cgroups-u79uwXL29TY76Z2rM5mHXA
On Mon, Feb 21, 2022 at 04:16:39PM +0100, Christian Brauner wrote:
> With recent fixes for the permission checking when moving a task into a cgroup
> using a file descriptor to a cgroup's cgroup.procs file and calling write() it
> seems a good idea to clarify CLONE_INTO_CGROUP permission checking with a
> comment.
>
> Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
> Cc: <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
> Signed-off-by: Christian Brauner <brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Applied to for-5.17-fixes with cosmetic changes.
Thakns.
--
tejun
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-22 17:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-21 15:16 [PATCH] cgroup: clarify cgroup_css_set_fork() Christian Brauner
[not found] ` <20220221151639.3828143-1-brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2022-02-22 17:39 ` Tejun Heo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.