linux-stable/kernel/cgroup
Michal Koutný ebeb7b7357 cgroup-v1: Correct privileges check in release_agent writes
commit 467a726b75 upstream.

The idea is to check: a) the owning user_ns of cgroup_ns, b)
capabilities in init_user_ns.

The commit 24f6008564 ("cgroup-v1: Require capabilities to set
release_agent") got this wrong in the write handler of release_agent
since it checked user_ns of the opener (may be different from the owning
user_ns of cgroup_ns).
Secondly, to avoid a possibly confused deputy, the capability of the
opener must be checked.

Fixes: 24f6008564 ("cgroup-v1: Require capabilities to set release_agent")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/stable/20220216121142.GB30035@blackbody.suse.cz/
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Reviewed-by: Masami Ichikawa(CIP) <masami.ichikawa@cybertrust.co.jp>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-03-02 11:47:47 +01:00
cgroup-internal.h cgroup: Use open-time cgroup namespace for process migration perm checks 2022-01-11 15:35:15 +01:00
cgroup-v1.c cgroup-v1: Correct privileges check in release_agent writes 2022-03-02 11:47:47 +01:00
cgroup.c psi: Fix uaf issue when psi trigger is destroyed while being polled 2022-02-01 17:27:01 +01:00
cpuset.c cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug 2022-03-02 11:47:47 +01:00
debug.c
freezer.c
legacy_freezer.c
Makefile
misc.c
namespace.c memcg: enable accounting for new namesapces and struct nsproxy 2021-09-03 09:58:12 -07:00
pids.c
rdma.c
rstat.c cgroup: Fix rootcg cpu.stat guest double counting 2021-11-18 19:16:45 +01:00