[PATCH 1/2] SELinux: Add security hooks to {get,set}affinity



From: David Quigley <[email protected]>

This patch adds LSM hooks into the setaffinity and getaffinity functions 
to enable security modules to control these operations between tasks with 
different security attributes. This implementation uses the existing 
task_setscheduler and task_getscheduler LSM hooks.

This is aimed at 2.6.18 inclusion to cover new code currently unmediated 
by SELinux.

Please apply.

Signed-Off-By: David Quigley <[email protected]>
Acked-by:  Stephen Smalley <[email protected]>
Signed-off-by: James Morris <[email protected]>


kernel/sched.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff -uprN -X /home/dpquigl/dontdiff linux-2.6.17-rc6-mm2/kernel/sched.c linux-2.6.17-rc6-mm2-affinity/kernel/sched.c
--- linux-2.6.17-rc6-mm2/kernel/sched.c	2006-06-15 09:46:28.000000000 -0400
+++ linux-2.6.17-rc6-mm2-affinity/kernel/sched.c	2006-06-15 09:51:55.000000000 -0400
@@ -4266,6 +4266,10 @@ long sched_setaffinity(pid_t pid, cpumas
 		goto out_unlock;
+	retval = security_task_setscheduler(p, 0, NULL);
+	if (retval)
+		goto out_unlock;
 	cpus_allowed = cpuset_cpus_allowed(p);
 	cpus_and(new_mask, new_mask, cpus_allowed);
 	retval = set_cpus_allowed(p, new_mask);
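Review bot: The new call in sched_setaffinity() passes a literal policy of 0 and a NULL param pointer to security_task_setscheduler(), so a module cannot tell an affinity change from a real scheduler-policy change, and any implementation of that hook that dereferences its third argument will fault on this path. Please add a comment at the call site stating that 0/NULL are placeholders meaning "affinity change, no policy or priority supplied", and confirm that every in-tree implementation of the hook tolerates a NULL param. The new_mask being requested is also not visible to the module here; if policy should ever depend on which CPUs are requested, a dedicated hook that takes the mask would be the cleaner interface. The placement before cpuset_cpus_allowed() and set_cpus_allowed() looks right, since a denial leaves the task's mask untouched.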
@@ -4334,7 +4338,10 @@ long sched_getaffinity(pid_t pid, cpumas
 	if (!p)
 		goto out_unlock;
-	retval = 0;
+	retval = security_task_getscheduler(p);
+	if (retval)
+		goto out_unlock;
 	cpus_and(*mask, p->cpus_allowed, cpu_online_map);
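Review bot: In sched_getaffinity(), replacing "retval = 0;" with the hook's return value means the success return of the function now depends on security_task_getscheduler() returning exactly 0 when access is allowed; any other value skips the cpus_and() and is handed back to the caller as the result. A short comment noting that retval is 0 on the allow path would make that dependency explicit. On the deny path *mask is never written, so it is worth checking that callers do not read the mask when the return value is non-zero. The changelog could also say that reads of another task's affinity are now mediated by the getscheduler permission, since the subject line only mentions adding hooks.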
