From eba773ab53d07ef0710070fcc4a9d197ff24d68b Mon Sep 17 00:00:00 2001
From: Lee Jones <lee.jones@linaro.org>
Date: Mon, 16 Aug 2021 14:50:13 +0100
Subject: [PATCH] Revert "Revert "CHROMIUM: cgroups: relax permissions on
 moving tasks between cgroups""

This reverts commit 631c0bba0a537c4bf872d99fc0d0791bd5577b7e.

Although this boots and passes CI build/boot testing, it leaves a
dirty trail consisting of 1000's of failures in the log and probably
wouldn't function all that well on a real H/W platform.

  08-16 12:20:13.003   658   697 E libprocessgroup: AddTidToCgroup failed to write '3138'; fd=121: Permission denied
  08-16 12:20:13.003   658   697 E libprocessgroup: Failed to add task into cgroup

Change-Id: Ia0f1948b0e94c27e5cecae8691348e044b32f7d6
Signed-off-by: Lee Jones <lee.jones@linaro.org>
---
 kernel/cgroup/cgroup-v1.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 939cee0a2b6a..e3888c3ad6e1 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -511,7 +511,8 @@ static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of,
 	tcred = get_task_cred(task);
 	if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
 	    !uid_eq(cred->euid, tcred->uid) &&
-	    !uid_eq(cred->euid, tcred->suid))
+	    !uid_eq(cred->euid, tcred->suid) &&
+	    !ns_capable(tcred->user_ns, CAP_SYS_NICE))
 		ret = -EACCES;
 	put_cred(tcred);
 	if (ret)