printk: Fix log_buf_copy termination.
[linux-2.6.git] / kernel / cgroup.c
index e1c72c0..e06035a 100644 (file)
  */
 
 #include <linux/cgroup.h>
+#include <linux/cred.h>
 #include <linux/ctype.h>
 #include <linux/errno.h>
 #include <linux/fs.h>
+#include <linux/init_task.h>
 #include <linux/kernel.h>
 #include <linux/list.h>
 #include <linux/mm.h>
@@ -58,8 +60,9 @@
 #include <linux/eventfd.h>
 #include <linux/poll.h>
 #include <linux/flex_array.h> /* used in cgroup_attach_proc */
+#include <linux/capability.h>
 
-#include <asm/atomic.h>
+#include <linux/atomic.h>
 
 static DEFINE_MUTEX(cgroup_mutex);
 
@@ -1514,6 +1517,7 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type,
                struct cgroup *root_cgrp = &root->top_cgroup;
                struct inode *inode;
                struct cgroupfs_root *existing_root;
+               const struct cred *cred;
                int i;
 
                BUG_ON(sb->s_root != NULL);
@@ -1593,7 +1597,9 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type,
                BUG_ON(!list_empty(&root_cgrp->children));
                BUG_ON(root->number_of_cgroups != 1);
 
+               cred = override_creds(&init_cred);
                cgroup_populate_dir(root_cgrp);
+               revert_creds(cred);
                mutex_unlock(&cgroup_mutex);
                mutex_unlock(&inode->i_mutex);
        } else {
@@ -1697,7 +1703,6 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen)
 {
        char *start;
        struct dentry *dentry = rcu_dereference_check(cgrp->dentry,
-                                                     rcu_read_lock_held() ||
                                                      cgroup_lock_is_held());
 
        if (!dentry || cgrp == dummytop) {
@@ -1723,7 +1728,6 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen)
                        break;
 
                dentry = rcu_dereference_check(cgrp->dentry,
-                                              rcu_read_lock_held() ||
                                               cgroup_lock_is_held());
                if (!cgrp->parent)
                        continue;
@@ -1839,6 +1843,15 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
                                failed_ss = ss;
                                goto out;
                        }
+               } else if (!capable(CAP_SYS_ADMIN)) {
+                       const struct cred *cred = current_cred(), *tcred;
+
+                       /* No can_attach() - check perms generically */
+                       tcred = __task_cred(tsk);
+                       if (cred->euid != tcred->uid &&
+                           cred->euid != tcred->suid) {
+                               return -EACCES;
+                       }
                }
                if (ss->can_attach_task) {
                        retval = ss->can_attach_task(cgrp, tsk);
@@ -4814,8 +4827,7 @@ unsigned short css_id(struct cgroup_subsys_state *css)
         * on this or this is under rcu_read_lock(). Once css->id is allocated,
         * it's unchanged until freed.
         */
-       cssid = rcu_dereference_check(css->id,
-                       rcu_read_lock_held() || atomic_read(&css->refcnt));
+       cssid = rcu_dereference_check(css->id, atomic_read(&css->refcnt));
 
        if (cssid)
                return cssid->id;
@@ -4827,8 +4839,7 @@ unsigned short css_depth(struct cgroup_subsys_state *css)
 {
        struct css_id *cssid;
 
-       cssid = rcu_dereference_check(css->id,
-                       rcu_read_lock_held() || atomic_read(&css->refcnt));
+       cssid = rcu_dereference_check(css->id, atomic_read(&css->refcnt));
 
        if (cssid)
                return cssid->depth;