cgroup: Add generic cgroup subsystem permission checks.

    Rather than using explicit euid == 0 checks when trying to move
tasks into a cgroup via CFS, move permission checks into each
specific cgroup subsystem. If a subsystem does not specify a
'can_attach' handler, then we fall back to doing our checks the old way.

    This way non-root processes can add arbitrary processes to
a cgroup if all the registered subsystems on that cgroup agree.

    Also change explicit euid == 0 check to CAP_SYS_ADMIN

Signed-off-by: San Mehat <san@google.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 2731d115d72..129b47f1df5 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -58,6 +58,7 @@
 #include <linux/eventfd.h>
 #include <linux/poll.h>
 #include <linux/flex_array.h> /* used in cgroup_attach_proc */
+#include <linux/capability.h>
 
 #include <asm/atomic.h>
 
@@ -1839,6 +1840,15 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
 				failed_ss = ss;
 				goto out;
 			}
+		} else if (!capable(CAP_SYS_ADMIN)) {
+			const struct cred *cred = current_cred(), *tcred;
+
+			/* No can_attach() - check perms generically */
+			tcred = __task_cred(tsk);
+			if (cred->euid != tcred->uid &&
+			    cred->euid != tcred->suid) {
+				return -EACCES;
+			}
 		}
 		if (ss->can_attach_task) {
 			retval = ss->can_attach_task(cgrp, tsk);