
Commit 701112f5 authored by Rom Lemarchand's avatar Rom Lemarchand Committed by Ruchi Kandoi

memcg: add permission check



Use the 'allow_attach' handler for the 'mem' cgroup to allow
non-root processes to add arbitrary processes to a 'mem' cgroup
if they have the CAP_SYS_NICE capability set.

Bug: 18260435
Change-Id: If7d37bf90c1544024c4db53351adba6a64966250
Signed-off-by: default avatarRom Lemarchand <romlem@android.com>
parent 16474253
+12 −0
@@ -6001,6 +6001,12 @@ static int mem_cgroup_can_attach(struct cgroup_subsys_state *css,
	return ret;
}

static int mem_cgroup_allow_attach(struct cgroup_subsys_state *css,
				   struct cgroup_taskset *tset)
{
	return subsys_cgroup_allow_attach(css->cgroup, tset);
}

static void mem_cgroup_cancel_attach(struct cgroup_subsys_state *css,
				     struct cgroup_taskset *tset)
{
@@ -6169,6 +6175,11 @@ static int mem_cgroup_can_attach(struct cgroup_subsys_state *css,
{
	return 0;
}
static int mem_cgroup_allow_attach(struct cgroup_subsys_state *css,
				   struct cgroup_taskset *tset)
{
	return 0;
}
static void mem_cgroup_cancel_attach(struct cgroup_subsys_state *css,
				     struct cgroup_taskset *tset)
{
@@ -6204,6 +6215,7 @@ struct cgroup_subsys memory_cgrp_subsys = {
	.can_attach = mem_cgroup_can_attach,
	.cancel_attach = mem_cgroup_cancel_attach,
	.attach = mem_cgroup_move_task,
	.allow_attach = mem_cgroup_allow_attach,
	.bind = mem_cgroup_bind,
	.legacy_cftypes = mem_cgroup_files,
	.early_init = 0,
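Review bot: The second `mem_cgroup_allow_attach`, the stub next to the `mem_cgroup_can_attach` that returns 0, returns 0 unconditionally, while the first variant defers to `subsys_cgroup_allow_attach(css->cgroup, tset)`. If 0 means "attach permitted", as it appears to for the neighbouring can_attach stub, a kernel built with the stub branch would let any non-root caller move arbitrary tasks into a memory cgroup without the CAP_SYS_NICE check the commit message describes. The permission decision does not look tied to the code that branch compiles out, so the stub could use the same body, `return subsys_cgroup_allow_attach(css->cgroup, tset);`. A one-line comment above the handler such as `/* Non-root attach is permitted only as decided by subsys_cgroup_allow_attach() (CAP_SYS_NICE per the commit description). */` would also record that this capability now gates memory-cgroup placement. The preprocessor condition selecting the stub and the return convention of the caller are outside the visible hunks, so both should be confirmed.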