Re: [PATCH v4 1/6] cgroup: unify attach permission checking

[PATCH v4 0/6] clone3 & cgroups: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-01-17
[PATCH v4 4/6] cgroup: add cgroup_may_write() helper · Christian Brauner <hidden> · 2020-01-17
[PATCH v4 2/6] cgroup: add cgroup_get_from_file() helper · Christian Brauner <hidden> · 2020-01-17
[PATCH v4 6/6] selftests/cgroup: add tests for cloning into cgroups · Christian Brauner <hidden> · 2020-01-17
Re: [PATCH v4 6/6] selftests/cgroup: add tests for cloning into cgroups · Roman Gushchin <hidden> · 2020-01-17
[PATCH v4 5/6] clone3: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-01-17
Re: [PATCH v4 5/6] clone3: allow spawning processes into cgroups · Oleg Nesterov <oleg@redhat.com> · 2020-01-20
Re: [PATCH v4 5/6] clone3: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-01-20
[PATCH v4 3/6] cgroup: refactor fork helpers · Christian Brauner <hidden> · 2020-01-17
Re: [PATCH v4 3/6] cgroup: refactor fork helpers · Oleg Nesterov <oleg@redhat.com> · 2020-01-20
Re: [PATCH v4 3/6] cgroup: refactor fork helpers · Christian Brauner <hidden> · 2020-01-20
Re: [PATCH v4 3/6] cgroup: refactor fork helpers · Oleg Nesterov <oleg@redhat.com> · 2020-01-20
Re: [PATCH v4 3/6] cgroup: refactor fork helpers · Christian Brauner <hidden> · 2020-01-20
[PATCH v4 1/6] cgroup: unify attach permission checking · Christian Brauner <hidden> · 2020-01-17
Re: [PATCH v4 1/6] cgroup: unify attach permission checking · Oleg Nesterov <oleg@redhat.com> · 2020-01-20
Re: [PATCH v4 1/6] cgroup: unify attach permission checking · Christian Brauner <hidden> · 2020-01-20

From: Christian Brauner <hidden>
Date: 2020-01-20 14:46:36
Also in: cgroups, lkml

On Mon, Jan 20, 2020 at 03:42:45PM +0100, Oleg Nesterov wrote:

I guess I am totally confused, but...

On 01/17, Christian Brauner wrote:

quoted

+static inline bool cgroup_same_domain(const struct cgroup *src_cgrp,
+				      const struct cgroup *dst_cgrp)
+{
+	return src_cgrp->dom_cgrp == dst_cgrp->dom_cgrp;
+}
+
+static int cgroup_attach_permissions(struct cgroup *src_cgrp,
+				     struct cgroup *dst_cgrp,
+				     struct super_block *sb, bool thread)
+{
+	int ret = 0;
+
+	ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb);
+	if (ret)
+		return ret;
+
+	ret = cgroup_migrate_vet_dst(dst_cgrp);
+	if (ret)
+		return ret;
+
+	if (thread &&
+	    !cgroup_same_domain(src_cgrp->dom_cgrp, dst_cgrp->dom_cgrp))

                                        ^^^^^^^^^^          ^^^^^^^^^^

             cgroup_same_domain(src_cgrp, dst_cgrp)

no?

And given that cgroup_same_domain() has no other users, perhaps it can
simply check

	     src_cgrp->dom_cgrp != dst_cgrp->dom_cgrp

Yeah, I just added it because the helper is very descriptive given its
name. Maybe too descriptive given my braino.
I'll just remove it in favor of this check and give it a small comment.

Thanks!
Christian

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help