The patch titled SELinux: add security hooks to {get,set}affinity has been added to the -mm tree. Its filename is selinux-add-security-hooks-to-getsetaffinity.patch See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this ------------------------------------------------------ Subject: SELinux: add security hooks to {get,set}affinity From: David Quigley <dpquigl@xxxxxxxxxxxxx> This patch adds LSM hooks into the setaffinity and getaffinity functions to enable security modules to control these operations between tasks with task_setscheduler and task_getscheduler LSM hooks. This is aimed at 2.6.18 inclusion to cover new code currently unmediated by SELinux. Signed-off-by: David Quigley <dpquigl@xxxxxxxxxxxxx> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> Signed-off-by: James Morris <jmorris@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- kernel/sched.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff -puN kernel/sched.c~selinux-add-security-hooks-to-getsetaffinity kernel/sched.c --- a/kernel/sched.c~selinux-add-security-hooks-to-getsetaffinity +++ a/kernel/sched.c @@ -4266,6 +4266,10 @@ long sched_setaffinity(pid_t pid, cpumas !capable(CAP_SYS_NICE)) goto out_unlock; + retval = security_task_setscheduler(p, 0, NULL); + if (retval) + goto out_unlock; + cpus_allowed = cpuset_cpus_allowed(p); cpus_and(new_mask, new_mask, cpus_allowed); retval = set_cpus_allowed(p, new_mask); @@ -4334,7 +4338,10 @@ long sched_getaffinity(pid_t pid, cpumas if (!p) goto out_unlock; - retval = 0; + retval = security_task_getscheduler(p); + if (retval) + goto out_unlock; + cpus_and(*mask, p->cpus_allowed, cpu_online_map); out_unlock: _ Patches currently in -mm which might be from dpquigl@xxxxxxxxxxxxx are selinux-add-security-hooks-to-getsetaffinity.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html