Re: [PATCH v4 1/6] cgroup: unify attach permission checking
From: Oleg Nesterov
Date: Mon Jan 20 2020 - 09:42:55 EST
I guess I am totally confused, but...
On 01/17, Christian Brauner wrote:
>
> +static inline bool cgroup_same_domain(const struct cgroup *src_cgrp,
> + const struct cgroup *dst_cgrp)
> +{
> + return src_cgrp->dom_cgrp == dst_cgrp->dom_cgrp;
> +}
> +
> +static int cgroup_attach_permissions(struct cgroup *src_cgrp,
> + struct cgroup *dst_cgrp,
> + struct super_block *sb, bool thread)
> +{
> + int ret = 0;
> +
> + ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb);
> + if (ret)
> + return ret;
> +
> + ret = cgroup_migrate_vet_dst(dst_cgrp);
> + if (ret)
> + return ret;
> +
> + if (thread &&
> + !cgroup_same_domain(src_cgrp->dom_cgrp, dst_cgrp->dom_cgrp))
^^^^^^^^^^ ^^^^^^^^^^
cgroup_same_domain(src_cgrp, dst_cgrp)
no?
And given that cgroup_same_domain() has no other users, perhaps it can
simply check
src_cgrp->dom_cgrp != dst_cgrp->dom_cgrp
?
Oleg.