/**
 * move_pid_main - validate a relative cgroup path and hand off the move.
 *
 * @controller: forwarded unchanged to do_move_pid_main()
 * @cgroup:     requested cgroup path; must not begin with '/'
 * @p, @r, @v:  credentials forwarded unchanged to do_move_pid_main()
 *
 * Returns -1 if @cgroup starts with '/', otherwise whatever
 * do_move_pid_main() returns.
 *
 * NOTE(review): the only check made here is on the first character.
 * Components such as ".." are not examined in this function; presumably
 * do_move_pid_main() validates them. Confirm before relying on this as
 * a containment boundary.
 */
int move_pid_main(const char *controller, const char *cgroup,
		struct ucred p, struct ucred r, struct ucred v)
{
	const bool is_absolute = (cgroup[0] == '/');

	if (!is_absolute) {
		/* The final argument is false on this relative-path entry point. */
		return do_move_pid_main(controller, cgroup, p, r, v, false);
	}

	/* Absolute paths are refused outright rather than normalised. */
	nih_error("%s: Bad requested cgroup path: %s", __func__, cgroup);
	return -1;
}
/**
 * move_pid_main - entry point for moving a pid into a relative cgroup.
 *
 * @controller: forwarded unchanged to do_move_pid_main()
 * @cgroup:     requested cgroup path; must pass sane_cgroup() and must
 *              not begin with '/'
 * @p, @r, @v:  credentials forwarded unchanged; r.uid is logged when an
 *              absolute path is refused
 *
 * Returns -1 when either check fails, otherwise the result of
 * do_move_pid_main() called with the method name "MovePidScm".
 *
 * The two checks are kept separate so that the log shows whether the
 * path was malformed or was an attempt to leave the caller's cgroup.
 */
int move_pid_main (const char *controller, const char *cgroup,
		struct ucred p, struct ucred r, struct ucred v)
{
	int rc = -1;

	if (!sane_cgroup(cgroup)) {
		/* Sanity check runs first, before the path is inspected. */
		nih_error("%s: unsafe cgroup", __func__);
	} else if (cgroup[0] == '/') {
		/* An absolute path is treated as an escape attempt. */
		nih_error("%s: uid %u tried to escape its cgroup", __func__, r.uid);
	} else {
		rc = do_move_pid_main(controller, cgroup, p, r, v, "MovePidScm");
	}

	return rc;
}
/**
 * move_pid_abs_main - entry point for moving a pid to an absolute cgroup.
 *
 * @controller: forwarded unchanged to do_move_pid_main()
 * @cgroup:     requested cgroup path; must pass sane_cgroup()
 * @p, @r, @v:  credentials forwarded unchanged to do_move_pid_main()
 *
 * Returns -1 if sane_cgroup() rejects @cgroup, otherwise the result of
 * do_move_pid_main() called with the method name "MovePidAbsScm".
 *
 * Unlike the relative-path entry point, a leading '/' is not refused
 * here, and the requester is not required to be root (see the disabled
 * block below).
 */
int move_pid_abs_main (const char *controller, const char *cgroup,
		struct ucred p, struct ucred r, struct ucred v)
{
#if 0
	/*
	 * Disabled root-only gate, retained for reference.
	 *
	 * Requiring r to be root was judged overly restrictive.
	 * Cgmanager ensures that r has write access to the tasks file,
	 * which is taken to be sufficient. If it proves insufficient,
	 * a stricter rule would be that r's user or group id owns every
	 * parent directory up to a common parent, from v.cgroup to the
	 * requested cgroup. That ownership walk is NOT implemented here.
	 */
	if (r.uid) {
		nih_error("%s: uid %u tried to escape", __func__, r.uid);
		return -1;
	}
#endif

	if (sane_cgroup(cgroup)) {
		return do_move_pid_main(controller, cgroup, p, r, v, "MovePidAbsScm");
	}

	nih_error("%s: unsafe cgroup", __func__);
	return -1;
}
/**
 * move_pid_abs_main - absolute-path variant of the move-pid entry point.
 *
 * @controller: forwarded unchanged to do_move_pid_main()
 * @cgroup:     requested cgroup path, forwarded without inspection
 * @p, @r, @v:  credentials forwarded unchanged to do_move_pid_main()
 *
 * Returns whatever do_move_pid_main() returns.
 *
 * NOTE(review): no path or credential check happens in this wrapper.
 * Any validation of @cgroup and any privilege decision must therefore
 * live in do_move_pid_main(), which is not visible here. The trailing
 * `true` presumably selects the absolute-path mode; confirm against
 * that function's definition.
 */
int move_pid_abs_main(const char *controller, const char *cgroup,
		struct ucred p, struct ucred r, struct ucred v)
{
	int rc = do_move_pid_main(controller, cgroup, p, r, v, true);

	return rc;
}