The patch titled
SELinux: add security hooks to {get,set}affinity
has been added to the -mm tree. Its filename is
selinux-add-security-hooks-to-getsetaffinity.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: SELinux: add security hooks to {get,set}affinity
From: David Quigley <dpquigl@xxxxxxxxxxxxx>
This patch adds LSM hooks into the setaffinity and getaffinity functions to
enable security modules to control these operations between tasks with
task_setscheduler and task_getscheduler LSM hooks.
This is aimed at 2.6.18 inclusion to cover new code currently unmediated by
SELinux.
Signed-off-by: David Quigley <dpquigl@xxxxxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Signed-off-by: James Morris <jmorris@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
kernel/sched.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff -puN kernel/sched.c~selinux-add-security-hooks-to-getsetaffinity kernel/sched.c
--- a/kernel/sched.c~selinux-add-security-hooks-to-getsetaffinity
+++ a/kernel/sched.c
@@ -4266,6 +4266,10 @@ long sched_setaffinity(pid_t pid, cpumas
!capable(CAP_SYS_NICE))
goto out_unlock;
+ retval = security_task_setscheduler(p, 0, NULL);
+ if (retval)
+ goto out_unlock;
+
cpus_allowed = cpuset_cpus_allowed(p);
cpus_and(new_mask, new_mask, cpus_allowed);
retval = set_cpus_allowed(p, new_mask);
@@ -4334,7 +4338,10 @@ long sched_getaffinity(pid_t pid, cpumas
if (!p)
goto out_unlock;
- retval = 0;
+ retval = security_task_getscheduler(p);
+ if (retval)
+ goto out_unlock;
+
cpus_and(*mask, p->cpus_allowed, cpu_online_map);
out_unlock:
_
Patches currently in -mm which might be from dpquigl@xxxxxxxxxxxxx are
selinux-add-security-hooks-to-getsetaffinity.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
