mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-18 00:24:39 +00:00
Code Issues Releases Wiki Activity
linux-stable/include
History
Tejun Heo 187fe84067 cgroup: require write perm on common ancestor when moving processes on the default hierarchy 
On traditional hierarchies, if a task has write access to "tasks" or
"cgroup.procs" file of a cgroup and its euid agrees with the target,
it can move the target to the cgroup; however, consider the following
scenario.  The owner of each cgroup is in the parentheses.

 R (root) - 0 (root) - 00 (user1) - 000 (user1)
          |                       \ 001 (user1)
          \ 1 (root) - 10 (user1)

The subtrees of 00 and 10 are delegated to user1; however, while both
subtrees may belong to the same user, it is clear that the two
subtrees are to be isolated - they're under completely separate
resource limits imposed by 0 and 1, respectively.  Note that 0 and 1
aren't strictly necessary but added to ease illustrating the issue.

If user1 is allowed to move processes between the two subtrees, the
intention of the hierarchy - keeping a given group of processes under
a subtree with certain resource restrictions while delegating
management of the subtree - can be circumvented by user1.

This happens because migration permission check doesn't consider the
hierarchical nature of cgroups.  To fix the issue, this patch adds an
extra permission requirement when userland tries to migrate a process
in the default hierarchy - the issuing task must have write access to
the common ancestor of "cgroup.procs" file of the ancestor in addition
to the destination's.

Conceptually, the issuer must be able to move the target process from
the source cgroup to the common ancestor of source and destination
cgroups and then to the destination.  As long as delegation is done in
a proper top-down way, this guarantees that a delegatee can't smuggle
processes across disjoint delegation domains.

The next patch will add documentation on the delegation model on the
default hierarchy.

v2: Fixed missing !ret test.  Spotted by Li Zefan.

Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Li Zefan <lizefan@huawei.com>
2015-06-18 16:54:28 -04:00
..
acpi ACPICA updates for v4.1-rc1 2015-04-17 15:01:29 -04:00
asm-generic TTY/Serial patches for 4.1-rc1 2015-04-21 09:33:10 -07:00
clocksource
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-04-15 10:42:15 -07:00
drm Merge tag 'topic/drm-misc-2015-04-15' of git://anongit.freedesktop.org/drm-intel into drm-next 2015-04-16 08:34:24 +10:00
dt-bindings ARM: SoC multiplatform code changes for v4.1 2015-04-22 09:20:15 -07:00
keys
kvm KVM/ARM changes for v4.1: 2015-04-07 18:09:20 +02:00
linux cgroup: require write perm on common ancestor when moving processes on the default hierarchy 2015-06-18 16:54:28 -04:00
math-emu
media Merge branch 'patchwork' into v4l_for_linus 2015-04-21 06:12:35 -03:00
memory
misc
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-04-17 16:31:08 -04:00
pcmcia
ras
rdma
rxrpc
scsi SCSI misc on 20150416 2015-04-16 19:02:04 -04:00
soc
sound ASoC: Updates for v4.1 2015-04-13 14:14:29 +02:00
target
trace The changes to the common clock framework for 4.0 are mostly new clock 2015-04-21 09:24:09 -07:00
uapi Some virtio internal cleanups, a new virtio device "virtio input", and 2015-04-22 10:55:06 -07:00
video fbdev changes for v4.1 2015-04-20 15:16:25 -07:00
xen xenbus_client: Extend interface to support multi-page ring 2015-04-15 10:56:47 +01:00
Kbuild