The patch titled lsm: add task_setioprio hook has been removed from the -mm tree. Its filename is lsm-add-task_setioprio-hook.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ Subject: lsm: add task_setioprio hook From: James Morris <jmorris@xxxxxxxxx> Implement an LSM hook for setting a task's IO priority, similar to the hook for setting a tasks's nice value. A previous version of this LSM hook was included in an older version of multiadm by Jan Engelhardt, although I don't recall it being submitted upstream. Also included is the corresponding SELinux hook, which re-uses the setsched permission in the proccess class. Signed-off-by: James Morris <jmorris@xxxxxxxxx> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> Cc: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> Cc: Chris Wright <chrisw@xxxxxxxxxxxx> Cc: Jens Axboe <axboe@xxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- fs/ioprio.c | 6 ++++++ include/linux/security.h | 16 ++++++++++++++++ security/dummy.c | 6 ++++++ security/selinux/hooks.c | 6 ++++++ 4 files changed, 34 insertions(+) diff -puN fs/ioprio.c~lsm-add-task_setioprio-hook fs/ioprio.c --- a/fs/ioprio.c~lsm-add-task_setioprio-hook +++ a/fs/ioprio.c @@ -24,15 +24,21 @@ #include <linux/blkdev.h> #include <linux/capability.h> #include <linux/syscalls.h> +#include <linux/security.h> static int set_task_ioprio(struct task_struct *task, int ioprio) { + int err; struct io_context *ioc; if (task->uid != current->euid && task->uid != current->uid && !capable(CAP_SYS_NICE)) return -EPERM; + err = security_task_setioprio(task, ioprio); + if (err) + return err; + task_lock(task); task->ioprio = ioprio; diff -puN include/linux/security.h~lsm-add-task_setioprio-hook include/linux/security.h --- a/include/linux/security.h~lsm-add-task_setioprio-hook +++ a/include/linux/security.h @@ -577,6 +577,11 @@ struct swap_info_struct; * @p contains the task_struct of process. * @nice contains the new nice value. * Return 0 if permission is granted. + * @task_setioprio + * Check permission before setting the ioprio value of @p to @ioprio. + * @p contains the task_struct of process. + * @ioprio contains the new ioprio value + * Return 0 if permission is granted. * @task_setrlimit: * Check permission before setting the resource limits of the current * process for @resource to @new_rlim. The old resource limit values can @@ -1210,6 +1215,7 @@ struct security_operations { int (*task_getsid) (struct task_struct * p); int (*task_setgroups) (struct group_info *group_info); int (*task_setnice) (struct task_struct * p, int nice); + int (*task_setioprio) (struct task_struct * p, int ioprio); int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); int (*task_setscheduler) (struct task_struct * p, int policy, struct sched_param * lp); @@ -1836,6 +1842,11 @@ static inline int security_task_setnice return security_ops->task_setnice (p, nice); } +static inline int security_task_setioprio (struct task_struct *p, int ioprio) +{ + return security_ops->task_setioprio (p, ioprio); +} + static inline int security_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) { @@ -2478,6 +2489,11 @@ static inline int security_task_setnice return 0; } +static inline int security_task_setioprio (struct task_struct *p, int ioprio) +{ + return 0; +} + static inline int security_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) { diff -puN security/dummy.c~lsm-add-task_setioprio-hook security/dummy.c --- a/security/dummy.c~lsm-add-task_setioprio-hook +++ a/security/dummy.c @@ -516,6 +516,11 @@ static int dummy_task_setnice (struct ta return 0; } +static int dummy_task_setioprio (struct task_struct *p, int ioprio) +{ + return 0; +} + static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) { return 0; @@ -972,6 +977,7 @@ void security_fixup_ops (struct security set_to_dummy_if_null(ops, task_getsid); set_to_dummy_if_null(ops, task_setgroups); set_to_dummy_if_null(ops, task_setnice); + set_to_dummy_if_null(ops, task_setioprio); set_to_dummy_if_null(ops, task_setrlimit); set_to_dummy_if_null(ops, task_setscheduler); set_to_dummy_if_null(ops, task_getscheduler); diff -puN security/selinux/hooks.c~lsm-add-task_setioprio-hook security/selinux/hooks.c --- a/security/selinux/hooks.c~lsm-add-task_setioprio-hook +++ a/security/selinux/hooks.c @@ -2645,6 +2645,11 @@ static int selinux_task_setnice(struct t return task_has_perm(current,p, PROCESS__SETSCHED); } +static int selinux_task_setioprio(struct task_struct *p, int ioprio) +{ + return task_has_perm(current, p, PROCESS__SETSCHED); +} + static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) { struct rlimit *old_rlim = current->signal->rlim + resource; @@ -4383,6 +4388,7 @@ static struct security_operations selinu .task_getsid = selinux_task_getsid, .task_setgroups = selinux_task_setgroups, .task_setnice = selinux_task_setnice, + .task_setioprio = selinux_task_setioprio, .task_setrlimit = selinux_task_setrlimit, .task_setscheduler = selinux_task_setscheduler, .task_getscheduler = selinux_task_getscheduler, _ Patches currently in -mm which might be from jmorris@xxxxxxxxx are origin.patch keys-allocate-key-serial-numbers-randomly.patch keys-restrict-contents-of-proc-keys-to-viewable-keys.patch keys-add-a-way-to-store-the-appropriate-context-for-newly-created-keys.patch proc-cleanup-proc_fd_access_allowed.patch selinux-add-sockcreate-node-to-procattr-api.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html