Revert "cgroup: Add generic cgroup subsystem permission checks."
This reverts commit 1d38bc7d05.
Change-Id: I2c5066b696cbdd5ca117ed74718bcb7e70e878e7
Signed-off-by: Colin Cross <ccross@android.com>
This commit is contained in:
Colin Cross
@@ -58,7 +58,6 @@
|
|||||||
#include <linux/eventfd.h>
|
#include <linux/eventfd.h>
|
||||||
#include <linux/poll.h>
|
#include <linux/poll.h>
|
||||||
#include <linux/flex_array.h> /* used in cgroup_attach_proc */
|
#include <linux/flex_array.h> /* used in cgroup_attach_proc */
|
||||||
#include <linux/capability.h>
|
|
||||||
|
|
||||||
#include <asm/atomic.h>
|
#include <asm/atomic.h>
|
||||||
|
|
||||||
@@ -1844,15 +1843,6 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
|
|||||||
failed_ss = ss;
|
failed_ss = ss;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
} else if (!capable(CAP_SYS_ADMIN)) {
|
|
||||||
const struct cred *cred = current_cred(), *tcred;
|
|
||||||
|
|
||||||
/* No can_attach() - check perms generically */
|
|
||||||
tcred = __task_cred(tsk);
|
|
||||||
if (cred->euid != tcred->uid &&
|
|
||||||
cred->euid != tcred->suid) {
|
|
||||||
return -EACCES;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (ss->can_attach_task) {
|
if (ss->can_attach_task) {
|
||||||
retval = ss->can_attach_task(cgrp, tsk);
|
retval = ss->can_attach_task(cgrp, tsk);
|
||||||
|
|||||||
@@ -164,14 +164,6 @@ static int freezer_can_attach(struct cgroup_subsys *ss,
|
|||||||
{
|
{
|
||||||
struct freezer *freezer;
|
struct freezer *freezer;
|
||||||
|
|
||||||
if ((current != task) && (!capable(CAP_SYS_ADMIN))) {
|
|
||||||
const struct cred *cred = current_cred(), *tcred;
|
|
||||||
|
|
||||||
tcred = __task_cred(task);
|
|
||||||
if (cred->euid != tcred->uid && cred->euid != tcred->suid)
|
|
||||||
return -EPERM;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Anything frozen can't move or be moved to/from.
|
* Anything frozen can't move or be moved to/from.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -1373,13 +1373,6 @@ static int cpuset_can_attach(struct cgroup_subsys *ss, struct cgroup *cont,
|
|||||||
{
|
{
|
||||||
struct cpuset *cs = cgroup_cs(cont);
|
struct cpuset *cs = cgroup_cs(cont);
|
||||||
|
|
||||||
if ((current != task) && (!capable(CAP_SYS_ADMIN))) {
|
|
||||||
const struct cred *cred = current_cred(), *tcred;
|
|
||||||
|
|
||||||
if (cred->euid != tcred->uid && cred->euid != tcred->suid)
|
|
||||||
return -EPERM;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cpumask_empty(cs->cpus_allowed) || nodes_empty(cs->mems_allowed))
|
if (cpumask_empty(cs->cpus_allowed) || nodes_empty(cs->mems_allowed))
|
||||||
return -ENOSPC;
|
return -ENOSPC;
|
||||||
|
|
||||||
|
|||||||
@@ -8801,15 +8801,6 @@ cpu_cgroup_destroy(struct cgroup_subsys *ss, struct cgroup *cgrp)
|
|||||||
static int
|
static int
|
||||||
cpu_cgroup_can_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
|
cpu_cgroup_can_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
|
||||||
{
|
{
|
||||||
if ((current != tsk) && (!capable(CAP_SYS_NICE))) {
|
|
||||||
const struct cred *cred = current_cred(), *tcred;
|
|
||||||
|
|
||||||
tcred = __task_cred(tsk);
|
|
||||||
|
|
||||||
if (cred->euid != tcred->uid && cred->euid != tcred->suid)
|
|
||||||
return -EPERM;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef CONFIG_RT_GROUP_SCHED
|
#ifdef CONFIG_RT_GROUP_SCHED
|
||||||
if (!sched_rt_can_attach(cgroup_tg(cgrp), tsk))
|
if (!sched_rt_can_attach(cgroup_tg(cgrp), tsk))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|||||||
Reference in New Issue
Block a user