[Devel] Re: ns_can_attach (nsproxy cgroup)
Li Zefan
lizf at cn.fujitsu.com
Fri Dec 12 23:03:52 PST 2008
> /**
> - * cgroup_is_descendant - see if @cgrp is a descendant of current task's cgrp
> + * cgroup_is_descendant - see if @cgrp is a descendant of @task's cgrp
> * @cgrp: the cgroup in question
> + * @task: the task in question
> + * @subsys_id: cgroup subsystem id used to determine hierarchy; if negative,
> + * use get_first_subsys()
The last argument is redundant.
[...]
> - orig = task_cgroup(task, ns_subsys_id);
> - if (orig && orig != new_cgroup->parent)
> + if (!cgroup_is_descendant(new_cgroup, task, ns_subsys_id))
It makes no difference with:
if (!cgroup_is_descendant(new_cgroup, task, -1))
That's why we don't need argument 'subsys_id'.
> return -EPERM;
>
> return 0;
> @@ -78,7 +75,7 @@ static struct cgroup_subsys_state *ns_create(struct cgroup_subsys *ss,
>
> if (!capable(CAP_SYS_ADMIN))
> return ERR_PTR(-EPERM);
> - if (!cgroup_is_descendant(cgroup))
> + if (!cgroup_is_descendant(cgroup, current, -1))
> return ERR_PTR(-EPERM);
>
> ns_cgroup = kzalloc(sizeof(*ns_cgroup), GFP_KERNEL);
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list