On Tue, Feb 08, 2022 at 07:24:02PM +0100, Michal Koutný wrote:
From: "Eric W. Biederman" ebiederm@xmission.com
The cgroup release_agent is called with call_usermodehelper. The function call_usermodehelper starts the release_agent with a full set fo capabilities. Therefore require capabilities when setting the release_agaent.
[ Upstream commit 24f6008564183aa120d07c03d9289519c2fe02af ]
Reported-by: Tabitha Sable tabitha.c.sable@gmail.com Tested-by: Tabitha Sable tabitha.c.sable@gmail.com Fixes: 81a6a5cdd2c5 ("Task Control Groups: automatic userspace notification of idle cgroups") Cc: stable@vger.kernel.org # v2.6.24+ Signed-off-by: "Eric W. Biederman" ebiederm@xmission.com Signed-off-by: Tejun Heo tj@kernel.org [mkoutny: Adjust for pre-fs_context, duplicate mount/remount check, drop log messages.] Acked-by: Michal Koutný mkoutny@suse.com
Hello, FWIW, I'm sharing v4.12 backport of the aforementioned patch (v4.12 is not actual stable but someone may find it useful).
What about 4.19 and 4.14 versions? Those would be useful :)
thanks,
greg k-h