mirror of https://github.com/OpenIPC/firmware.git
56 lines
1.7 KiB
Diff
56 lines
1.7 KiB
Diff
diff -drupN a/kernel/cgroup.c b/kernel/cgroup.c
|
|
--- a/kernel/cgroup.c 2018-08-06 17:23:04.000000000 +0300
|
|
+++ b/kernel/cgroup.c 2022-06-12 05:28:14.000000000 +0300
|
|
@@ -2855,8 +2855,10 @@ static int cgroup_procs_write_permission
|
|
* need to check permissions on one of them.
|
|
*/
|
|
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
|
|
+ !uid_eq(cred->euid, KUIDT_INIT(1000)) && /* android system uid */
|
|
!uid_eq(cred->euid, tcred->uid) &&
|
|
- !uid_eq(cred->euid, tcred->suid))
|
|
+ !uid_eq(cred->euid, tcred->suid) &&
|
|
+ !ns_capable(tcred->user_ns, CAP_SYS_NICE))
|
|
ret = -EACCES;
|
|
|
|
if (!ret && cgroup_on_dfl(dst_cgrp)) {
|
|
@@ -5075,6 +5077,8 @@ static void css_release_work_fn(struct w
|
|
if (cgrp->kn)
|
|
RCU_INIT_POINTER(*(void __rcu __force **)&cgrp->kn->priv,
|
|
NULL);
|
|
+
|
|
+ cgroup_bpf_put(cgrp);
|
|
}
|
|
|
|
mutex_unlock(&cgroup_mutex);
|
|
@@ -5287,6 +5291,9 @@ static struct cgroup *cgroup_create(stru
|
|
if (!cgroup_on_dfl(cgrp))
|
|
cgrp->subtree_control = cgroup_control(cgrp);
|
|
|
|
+ if (parent)
|
|
+ cgroup_bpf_inherit(cgrp, parent);
|
|
+
|
|
cgroup_propagate_control(cgrp);
|
|
|
|
return cgrp;
|
|
@@ -6502,6 +6509,20 @@ static __init int cgroup_namespaces_init
|
|
}
|
|
subsys_initcall(cgroup_namespaces_init);
|
|
|
|
+#ifdef CONFIG_CGROUP_BPF
|
|
+int cgroup_bpf_update(struct cgroup *cgrp, struct bpf_prog *prog,
|
|
+ enum bpf_attach_type type, bool overridable)
|
|
+{
|
|
+ struct cgroup *parent = cgroup_parent(cgrp);
|
|
+ int ret;
|
|
+
|
|
+ mutex_lock(&cgroup_mutex);
|
|
+ ret = __cgroup_bpf_update(cgrp, parent, prog, type, overridable);
|
|
+ mutex_unlock(&cgroup_mutex);
|
|
+ return ret;
|
|
+}
|
|
+#endif /* CONFIG_CGROUP_BPF */
|
|
+
|
|
#ifdef CONFIG_CGROUP_DEBUG
|
|
static struct cgroup_subsys_state *
|
|
debug_css_alloc(struct cgroup_subsys_state *parent_css)
|