Revert "Revert "CHROMIUM: cgroups: relax permissions on moving tasks between cgroups""

This reverts commit 631c0bba0a. Although this boots and passes CI build/boot testing, it leaves a dirty trail consisting of 1000's of failures in the log and probably wouldn't function all that well on a real H/W platform. 08-16 12:20:13.003 658 697 E libprocessgroup: AddTidToCgroup failed to write '3138'; fd=121: Permission denied 08-16 12:20:13.003 658 697 E libprocessgroup: Failed to add task into cgroup Change-Id: Ia0f1948b0e94c27e5cecae8691348e044b32f7d6 Signed-off-by: Lee Jones <lee.jones@linaro.org>
2026-06-06 10:58:48 +09:00 · 2021-08-16 14:50:13 +01:00
parent 631c0bba0a
commit eba773ab53
1 changed files with 2 additions and 1 deletions
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -511,7 +511,8 @@ static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of,
 	tcred = get_task_cred(task);
 	if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
 	    !uid_eq(cred->euid, tcred->uid) &&
-	    !uid_eq(cred->euid, tcred->suid))
+	    !uid_eq(cred->euid, tcred->suid) &&
+	    !ns_capable(tcred->user_ns, CAP_SYS_NICE))
 		ret = -EACCES;
 	put_cred(tcred);
 	if (ret)