[PATCH 4/6] cgroup: disallow task from leaving cgroup isolated root

From: Witold Krecicki
Date: Fri Sep 30 2011 - 08:05:38 EST


This patch makes it impossible for a task to leave its cgroup isolated
root environment.

Signed-off-by: Witold Krecicki <wpk@xxxxxxxx>
---
kernel/cgroup.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index f9b4bdf..c3fee33 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1850,13 +1850,17 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
{
int retval;
struct cgroup_subsys *ss, *failed_ss = NULL;
- struct cgroup *oldcgrp;
+ struct cgroup *oldcgrp, *isol_root;
struct cgroupfs_root *root = cgrp->root;

/* Nothing to do if the task is already in that cgroup */
oldcgrp = task_cgroup_from_root(tsk, root);
if (cgrp == oldcgrp)
return 0;
+ /* We need to check if the new cgrp is inside the isolation root */
+ isol_root = cgroup_get_isolation_root(oldcgrp);
+ if (isol_root && !cgroup_is_descendant(cgrp, isol_root))
+ return -EBUSY;

for_each_subsys(root, ss) {
if (ss->can_attach) {
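Review bot: The isolation check added after the `cgrp == oldcgrp` early return looks only at the cgroup of the task being moved, so it also refuses a move requested by a manager running outside the isolated root. It reports that policy denial as `-EBUSY`, which callers will read as a transient condition; `return -EPERM;` (or `-EACCES`) would make the refusal distinguishable. The guard sits inside cgroup_attach_task only, so any other attach path in this tree (for example a whole-thread-group attach, if one exists; none is visible here) would need the same test, ideally through a shared helper, to keep the boundary consistent. The hunk does not show whether `cgroup_is_descendant(cgrp, isol_root)` is true when `cgrp == isol_root`; if it is not, a task in a child cgroup could never be moved back to the isolation root itself, which an explicit `cgrp != isol_root &&` term or a comment stating the intended semantics would settle. cgroup_attach_task continues past the end of the hunk.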
--
1.7.4.1
