From: David Quigley <[email protected]>
This patch adds LSM hooks into the setaffinity and getaffinity functions
to enable security modules to control these operations between tasks with
different security attributes. This implementation uses the existing
task_setscheduler and task_getscheduler LSM hooks.
This is aimed at 2.6.18 inclusion to cover new code currently unmediated
by SELinux.
Please apply.
Signed-Off-By: David Quigley <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Signed-off-by: James Morrisj <[email protected]>
---
kernel/sched.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff -uprN -X /home/dpquigl/dontdiff linux-2.6.17-rc6-mm2/kernel/sched.c linux-2.6.17-rc6-mm2-affinity/kernel/sched.c
--- linux-2.6.17-rc6-mm2/kernel/sched.c 2006-06-15 09:46:28.000000000 -0400
+++ linux-2.6.17-rc6-mm2-affinity/kernel/sched.c 2006-06-15 09:51:55.000000000 -0400
@@ -4266,6 +4266,10 @@ long sched_setaffinity(pid_t pid, cpumas
!capable(CAP_SYS_NICE))
goto out_unlock;
+ retval = security_task_setscheduler(p, 0, NULL);
+ if (retval)
+ goto out_unlock;
+
cpus_allowed = cpuset_cpus_allowed(p);
cpus_and(new_mask, new_mask, cpus_allowed);
retval = set_cpus_allowed(p, new_mask);
@@ -4334,7 +4338,10 @@ long sched_getaffinity(pid_t pid, cpumas
if (!p)
goto out_unlock;
- retval = 0;
+ retval = security_task_getscheduler(p);
+ if (retval)
+ goto out_unlock;
+
cpus_and(*mask, p->cpus_allowed, cpu_online_map);
out_unlock:
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
