int move_pid_main(const char *controller, const char *cgroup, struct ucred p,
struct ucred r, struct ucred v)
{
if (cgroup[0] == '/') {
// We could try to be accomodating, but let's not fool around right now
nih_error("%s: Bad requested cgroup path: %s", __func__, cgroup);
return -1;
}
return do_move_pid_main(controller, cgroup, p, r, v, false);
}
int move_pid_main (const char *controller, const char *cgroup,
struct ucred p, struct ucred r, struct ucred v)
{
if (!sane_cgroup(cgroup)) {
nih_error("%s: unsafe cgroup", __func__);
return -1;
}
if (cgroup[0] == '/') {
nih_error("%s: uid %u tried to escape its cgroup", __func__, r.uid);
return -1;
}
return do_move_pid_main(controller, cgroup, p, r, v, "MovePidScm");
}
int move_pid_abs_main (const char *controller, const char *cgroup,
struct ucred p, struct ucred r, struct ucred v)
{
#if 0
/*
* We used to enforce that r must be root. However that's
* overly restrictive.
* Cgmanager ensures that r must have write access to the
* tasks file. That seems sufficient. However if it is deemed
* insufficient, we can ensure that r's user or group id own
* all parent directories up to a common parent, from v.cgroup
* to the requested cgroup. THIS CODE does NOT do that.
*/
if (r.uid) {
nih_error("%s: uid %u tried to escape", __func__, r.uid);
return -1;
}
#endif
if (!sane_cgroup(cgroup)) {
nih_error("%s: unsafe cgroup", __func__);
return -1;
}
return do_move_pid_main(controller, cgroup, p, r, v, "MovePidAbsScm");
}
int move_pid_abs_main(const char *controller, const char *cgroup, struct ucred p,
struct ucred r, struct ucred v)
{
return do_move_pid_main(controller, cgroup, p, r, v, true);
}
