Rewind v3.13-rc3+ (78fd82238d0e5716) to v3.12

author: Scott Wood <scottwood@freescale.com> 2014-04-07 23:49:35 (GMT)
committer: Scott Wood <scottwood@freescale.com> 2014-04-07 23:49:35 (GMT)
commit: 62b8c978ee6b8d135d9e7953221de58000dba986 (patch)
tree: 683b04b2e627f6710c22c151b23c8cc9a165315e /security/device_cgroup.c
parent: 78fd82238d0e5716578c326404184a27ba67fd6e (diff)
download: linux-fsl-qoriq-62b8c978ee6b8d135d9e7953221de58000dba986.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 7c2a0a7..c123628 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -63,6 +63,16 @@ static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
 
 struct cgroup_subsys devices_subsys;
 
+static int devcgroup_can_attach(struct cgroup_subsys_state *new_css,
+				struct cgroup_taskset *set)
+{
+	struct task_struct *task = cgroup_taskset_first(set);
+
+	if (current != task && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
 /*
  * called under devcgroup_mutex
  */
@@ -687,6 +697,7 @@ static struct cftype dev_cgroup_files[] = {
 
 struct cgroup_subsys devices_subsys = {
 	.name = "devices",
+	.can_attach = devcgroup_can_attach,
 	.css_alloc = devcgroup_css_alloc,
 	.css_free = devcgroup_css_free,
 	.css_online = devcgroup_online,
author	Scott Wood <scottwood@freescale.com>	2014-04-07 23:49:35 (GMT)
committer	Scott Wood <scottwood@freescale.com>	2014-04-07 23:49:35 (GMT)
commit	62b8c978ee6b8d135d9e7953221de58000dba986 (patch)
tree	683b04b2e627f6710c22c151b23c8cc9a165315e /security/device_cgroup.c
parent	78fd82238d0e5716578c326404184a27ba67fd6e (diff)
download	linux-fsl-qoriq-62b8c978ee6b8d135d9e7953221de58000dba986.tar.xz