The patch titled SELinux: add security_task_movememory calls to mm code has been added to the -mm tree. Its filename is selinux-add-security_task_movememory-calls-to-mm-code.patch See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this ------------------------------------------------------ Subject: SELinux: add security_task_movememory calls to mm code From: David Quigley <dpquigl@xxxxxxxxxxxxx> This patch inserts security_task_movememory hook calls into memory management code to enable security modules to mediate this operation between tasks. Since the last posting, the hook has been renamed following feedback from Christoph Lameter. Signed-off-by: David Quigley <dpquigl@xxxxxxxxxxxxx> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> Signed-off-by: James Morris <jmorris@xxxxxxxxx> Cc: Andi Kleen <ak@xxxxxx> Acked-by: Christoph Lameter <clameter@xxxxxxx> Cc: Chris Wright <chrisw@xxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- mm/mempolicy.c | 5 +++++ mm/migrate.c | 6 ++++++ 2 files changed, 11 insertions(+) diff -puN mm/mempolicy.c~selinux-add-security_task_movememory-calls-to-mm-code mm/mempolicy.c --- a/mm/mempolicy.c~selinux-add-security_task_movememory-calls-to-mm-code +++ a/mm/mempolicy.c @@ -88,6 +88,7 @@ #include <linux/proc_fs.h> #include <linux/migrate.h> #include <linux/rmap.h> +#include <linux/security.h> #include <asm/tlbflush.h> #include <asm/uaccess.h> @@ -946,6 +947,10 @@ asmlinkage long sys_migrate_pages(pid_t goto out; } + err = security_task_movememory(task); + if (err) + goto out; + err = do_migrate_pages(mm, &old, &new, capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); out: diff -puN mm/migrate.c~selinux-add-security_task_movememory-calls-to-mm-code mm/migrate.c --- a/mm/migrate.c~selinux-add-security_task_movememory-calls-to-mm-code +++ a/mm/migrate.c @@ -27,6 +27,7 @@ #include <linux/writeback.h> #include <linux/mempolicy.h> #include <linux/vmalloc.h> +#include <linux/security.h> #include "internal.h" @@ -903,6 +904,11 @@ asmlinkage long sys_move_pages(pid_t pid goto out2; } + err = security_task_movememory(task); + if (err) + goto out2; + + task_nodes = cpuset_mems_allowed(task); /* Limit nr_pages so that the multiplication may not overflow */ _ Patches currently in -mm which might be from dpquigl@xxxxxxxxxxxxx are selinux-add-security-hooks-to-getsetaffinity.patch selinux-add-security-hook-call-to-mediate-attach_task.patch selinux-add-task_movememory-hook.patch selinux-add-security_task_movememory-calls-to-mm-code.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html