+ selinux-add-security-hooks-to-getsetaffinity.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled

     SELinux: add security hooks to {get,set}affinity

has been added to the -mm tree.  Its filename is

     selinux-add-security-hooks-to-getsetaffinity.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: SELinux: add security hooks to {get,set}affinity
From: David Quigley <dpquigl@xxxxxxxxxxxxx>


This patch adds LSM hooks into the setaffinity and getaffinity functions to
enable security modules to control these operations between tasks with
task_setscheduler and task_getscheduler LSM hooks.

This is aimed at 2.6.18 inclusion to cover new code currently unmediated by
SELinux.

Signed-off-by: David Quigley <dpquigl@xxxxxxxxxxxxx>
Acked-by:  Stephen Smalley <sds@xxxxxxxxxxxxx>
Signed-off-by: James Morris <jmorris@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 kernel/sched.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff -puN kernel/sched.c~selinux-add-security-hooks-to-getsetaffinity kernel/sched.c
--- a/kernel/sched.c~selinux-add-security-hooks-to-getsetaffinity
+++ a/kernel/sched.c
@@ -4266,6 +4266,10 @@ long sched_setaffinity(pid_t pid, cpumas
 			!capable(CAP_SYS_NICE))
 		goto out_unlock;
 
+	retval = security_task_setscheduler(p, 0, NULL);
+	if (retval)
+		goto out_unlock;
+
 	cpus_allowed = cpuset_cpus_allowed(p);
 	cpus_and(new_mask, new_mask, cpus_allowed);
 	retval = set_cpus_allowed(p, new_mask);
@@ -4334,7 +4338,10 @@ long sched_getaffinity(pid_t pid, cpumas
 	if (!p)
 		goto out_unlock;
 
-	retval = 0;
+	retval = security_task_getscheduler(p);
+	if (retval)
+		goto out_unlock;
+
 	cpus_and(*mask, p->cpus_allowed, cpu_online_map);
 
 out_unlock:
_

Patches currently in -mm which might be from dpquigl@xxxxxxxxxxxxx are

selinux-add-security-hooks-to-getsetaffinity.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux