On Fri, Jul 15, 2016 at 10:51 AM, Nick Kralevich <nnk@xxxxxxxxxx> wrote:
> On Fri, Jul 15, 2016 at 10:24 AM, John Stultz <john.stultz@xxxxxxxxxx> wrote:
>> As requested, this patch implements a task_settimerslack LSM hook
>> so that the /proc/<tid>/timerslack_ns interface can have finer
>> grained security policies applied to it.
>>
>> Don't really know what I'm doing here, so close review would be
>> appreciated!
>>
>> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
>> Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx>
>> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
>> CC: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
>> Cc: Oren Laadan <orenl@xxxxxxxxxxx>
>> Cc: Ruchi Kandoi <kandoiruchi@xxxxxxxxxx>
>> Cc: Rom Lemarchand <romlem@xxxxxxxxxxx>
>> Cc: Todd Kjos <tkjos@xxxxxxxxxx>
>> Cc: Colin Cross <ccross@xxxxxxxxxxx>
>> Cc: Nick Kralevich <nnk@xxxxxxxxxx>
>> Cc: Dmitry Shmidt <dimitrysh@xxxxxxxxxx>
>> Cc: Elliott Hughes <enh@xxxxxxxxxx>
>> Cc: Android Kernel Team <kernel-team@xxxxxxxxxxx>
>> Signed-off-by: John Stultz <john.stultz@xxxxxxxxxx>
>> ---
>> v2: Initial swing at adding LSM hook
>>
>>  fs/proc/base.c            | 7 +++++++
>>  include/linux/lsm_hooks.h | 7 +++++++
>>  include/linux/security.h  | 6 ++++++
>>  security/security.c       | 7 +++++++
>>  security/selinux/hooks.c  | 6 ++++++
>>  5 files changed, 33 insertions(+)
>>
>> diff --git a/fs/proc/base.c b/fs/proc/base.c
>> index 8f4f8d7..7f10b37 100644
>> --- a/fs/proc/base.c
>> +++ b/fs/proc/base.c
>> @@ -2284,6 +2284,12 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, >> if (!p) >> return -ESRCH; >> >> + err = security_task_settimerslack(current, slack_ns);
>
> The first argument should be "p", not "current". "p" is the target
> process you're trying to adjust.

Ah, yes. Thanks. Clearly I don't know what I'm doing here. :)

-john
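
Review bot: in the fs/proc/base.c hunk, the added call security_task_settimerslack(current, slack_ns) hands the hook the writing task instead of the task "p" that was just validated by the "if (!p)" check, so any policy decision would be made about the writer's own task and not about the task whose timer slack is being changed. Pass "p" as the first argument, as pointed out in the reply. The quoted hunk also stops at the call itself while the hunk header shows six added lines, so the remaining lines should be checked to confirm that a nonzero err is returned to the caller before slack_ns is applied to the target.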