Re: [PATCH 1/6] cgroup: Use open-time credentials for process migration perm checks

From: Linus Torvalds
Date: Fri Dec 10 2021 - 12:42:24 EST


On Thu, Dec 9, 2021 at 1:47 PM Tejun Heo <tj@xxxxxxxxxx> wrote:
>
> + saved_cred = override_creds(of->file->f_cred);
> ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
> of->file->f_path.dentry->d_sb, threadgroup);
> + revert_creds(saved_cred);
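
Review bot: the override_creds(of->file->f_cred) line has no comment explaining why the file opener's credentials replace the current task's for this check. Add a one-line comment above it stating that cgroup_attach_permissions() is meant to be evaluated against the open-time credentials, so a later reader does not mistake the pair for leftover scaffolding. Also keep cgroup_attach_permissions() as the only call between override_creds() and revert_creds(), as it is here, so that nothing else ever runs under the substituted credentials.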

I'm not happy about adding another override_creds/revert_creds pair,
but looking at what that thing ends up doing I don't see a better
alternative - no sane way to pass in explicit creds due to the way
that "descend to common parent, use inode_permission" thing works.

So it's not pretty, and I don't love it, but I don't see a better
solution either.

Linus