diff options
| author | Riley Andrews <riandrews@google.com> | 2015-06-05 18:59:29 -0700 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-12-11 19:09:41 +0100 |
| commit | 1625be03295153209b19cce23dbb0b893e3e52c5 (patch) | |
| tree | 40bf9f7c76af1bb33dd5220b488b09e97650ae39 | |
| parent | e135f96935ee425a677889c7b94ffc205644bf46 (diff) | |
cpuset: Add allow_attach hook for cpusets on android.
Change-Id: Ic1b61b2bbb7ce74c9e9422b5e22ee9078251de21
| -rw-r--r-- | kernel/cpuset.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/kernel/cpuset.c b/kernel/cpuset.c index ab114ba37..66a980fcf 100644 --- a/kernel/cpuset.c +++ b/kernel/cpuset.c @@ -1419,6 +1419,23 @@ out_unlock: return ret; } +static int cpuset_allow_attach(struct cgroup *cgrp, + struct cgroup_taskset *tset) +{ + const struct cred *cred = current_cred(), *tcred; + struct task_struct *task; + + cgroup_taskset_for_each(task, cgrp, tset) { + tcred = __task_cred(task); + + if ((current != task) && !capable(CAP_SYS_ADMIN) && + cred->euid != tcred->uid && cred->euid != tcred->suid) + return -EACCES; + } + + return 0; +} + static void cpuset_cancel_attach(struct cgroup *cgrp, struct cgroup_taskset *tset) { @@ -1982,6 +1999,7 @@ struct cgroup_subsys cpuset_subsys = { .css_offline = cpuset_css_offline, .css_free = cpuset_css_free, .can_attach = cpuset_can_attach, + .allow_attach = cpuset_allow_attach, .cancel_attach = cpuset_cancel_attach, .attach = cpuset_attach, .subsys_id = cpuset_subsys_id, |