All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] cgroup: clarify cgroup_css_set_fork()
@ 2022-02-21 15:16 Christian Brauner
       [not found] ` <20220221151639.3828143-1-brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Brauner @ 2022-02-21 15:16 UTC (permalink / raw)
  To: Tejun Heo; +Cc: cgroups-u79uwXL29TY76Z2rM5mHXA, Christian Brauner

With recent fixes for the permission checking when moving a task into a cgroup
using a file descriptor to a cgroup's cgroup.procs file and calling write() it
seems a good idea to clarify CLONE_INTO_CGROUP permission checking with a
comment.

Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Signed-off-by: Christian Brauner <brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
---
 kernel/cgroup/cgroup.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 9d05c3ca2d5e..0f8bd120be17 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6166,6 +6166,18 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
 	if (ret)
 		goto err;
 
+	/*
+	 * Note, spawning a task directly into a cgroup works by passing a file
+	 * descriptor to the target cgroup directory. This can even be an
+	 * O_PATH file descriptor. But it can never be a cgroup.procs file
+	 * descriptor. This was done on purpose so spawning into a cgroup could
+	 * be conceptualized as an atomic
+	 * fd = openat(dfd_cgroup, "cgroup.procs", ...);
+	 * write(fd, <child-pid>, ...);
+	 * sequence, i.e. it's a shorthand for the caller opening and writing
+	 * cgroup.procs of the cgroup indicated by @dfd_cgroup. This allows
+	 * us to always use the caller's credentials.
+	 */
 	ret = cgroup_attach_permissions(cset->dfl_cgrp, dst_cgrp, sb,
 					!(kargs->flags & CLONE_THREAD),
 					current->nsproxy->cgroup_ns);

base-commit: cfb92440ee71adcc2105b0890bb01ac3cddb8507
-- 
2.32.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] cgroup: clarify cgroup_css_set_fork()
       [not found] ` <20220221151639.3828143-1-brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
@ 2022-02-22 17:39   ` Tejun Heo
  0 siblings, 0 replies; 2+ messages in thread
From: Tejun Heo @ 2022-02-22 17:39 UTC (permalink / raw)
  To: Christian Brauner; +Cc: cgroups-u79uwXL29TY76Z2rM5mHXA

On Mon, Feb 21, 2022 at 04:16:39PM +0100, Christian Brauner wrote:
> With recent fixes for the permission checking when moving a task into a cgroup
> using a file descriptor to a cgroup's cgroup.procs file and calling write() it
> seems a good idea to clarify CLONE_INTO_CGROUP permission checking with a
> comment.
> 
> Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
> Cc: <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
> Signed-off-by: Christian Brauner <brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>

Applied to for-5.17-fixes with cosmetic changes.

Thakns.

-- 
tejun

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-22 17:39 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-21 15:16 [PATCH] cgroup: clarify cgroup_css_set_fork() Christian Brauner
     [not found] ` <20220221151639.3828143-1-brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2022-02-22 17:39   ` Tejun Heo

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.