diff options
| author | Linux Build Service Account <lnxbuild@localhost> | 2016-08-13 04:51:58 -0700 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-08-13 04:51:57 -0700 |
| commit | f7d92b8f9f3d0df67b5461ece5a2bf00c28ac781 (patch) | |
| tree | 579e8ad726fafa1295b97cfca7ee74fbc3958329 | |
| parent | bb5866bf9eeba2867bb96fbf03ae896e8854a60a (diff) | |
| parent | c0001a252b245e89151dab954eeebd39541a7dbf (diff) | |
Merge "cpuset: Add allow_attach hook for cpusets on android."
| -rw-r--r-- | kernel/cpuset.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/kernel/cpuset.c b/kernel/cpuset.c index 2ade632197d5..2df78d45a096 100644 --- a/kernel/cpuset.c +++ b/kernel/cpuset.c @@ -2075,12 +2075,30 @@ static void cpuset_bind(struct cgroup_subsys_state *root_css) mutex_unlock(&cpuset_mutex); } +static int cpuset_allow_attach(struct cgroup_taskset *tset) +{ + const struct cred *cred = current_cred(), *tcred; + struct task_struct *task; + struct cgroup_subsys_state *css; + + cgroup_taskset_for_each(task, css, tset) { + tcred = __task_cred(task); + + if ((current != task) && !capable(CAP_SYS_ADMIN) && + cred->euid.val != tcred->uid.val && cred->euid.val != tcred->suid.val) + return -EACCES; + } + + return 0; +} + struct cgroup_subsys cpuset_cgrp_subsys = { .css_alloc = cpuset_css_alloc, .css_online = cpuset_css_online, .css_offline = cpuset_css_offline, .css_free = cpuset_css_free, .can_attach = cpuset_can_attach, + .allow_attach = cpuset_allow_attach, .cancel_attach = cpuset_cancel_attach, .attach = cpuset_attach, .bind = cpuset_bind, |