Quoting Eric W. Biederman (ebied...@xmission.com):
> Gowrishankar M <gowrishanka...@linux.vnet.ibm.com> writes:
>
> > From: Gowrishankar M <gomut...@linux.vnet.ibm.com>
> >
> > At present we scan all processes in init namespace, while getting or setting
> > process priorities for a user. In case of PID namespace, it leads to leak
> > priority to processes in other namespace.
> >
> > Below patch proposes to use new macro controller to fix the boundary of
> > processes list in current namespace.
>
> Nacked-by: "Eric W. Biederman" <ebied...@xmission.com>
>
> This has nothing to do with pids. The command is to set the
> iopriority for a given user. This is a problem of the user namespace
> not the pid namespace.

The uid check needs to be fixed for user namespaces, agreed. I could go
either way though on whether we should also restrict to the same pidns.

(note to fix the userns part of this added to my userns queue - first I
want to finish with keys; then maybe this should be done before handling
capabilities)

So if you want to nack this, I'll go along with that, but I think it's
useful.

thanks,
-serge