diff options
| author | Jiri Slaby <jirislaby@gmail.com> | 2009-08-26 12:41:16 -0400 |
|---|---|---|
| committer | Jiri Slaby <jirislaby@gmail.com> | 2010-07-16 03:48:45 -0400 |
| commit | 8fd00b4d7014b00448eb33cf0590815304769798 (patch) | |
| tree | f97cc5b4401dd038e539dae7ad66066383012866 /security/selinux | |
| parent | 2f7989efd4398d92b8adffce2e07dd043a0895fe (diff) | |
rlimits: security, add task_struct to setrlimit
Add task_struct to task_setrlimit of security_operations to be able to set
rlimit of task other than current.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Eric Paris <eparis@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5c9f25ba1c9..e3ce6b4127c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3371,16 +3371,17 @@ static int selinux_task_getioprio(struct task_struct *p) | |||
| 3371 | return current_has_perm(p, PROCESS__GETSCHED); | 3371 | return current_has_perm(p, PROCESS__GETSCHED); |
| 3372 | } | 3372 | } |
| 3373 | 3373 | ||
| 3374 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) | 3374 | static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource, |
| 3375 | struct rlimit *new_rlim) | ||
| 3375 | { | 3376 | { |
| 3376 | struct rlimit *old_rlim = current->signal->rlim + resource; | 3377 | struct rlimit *old_rlim = p->signal->rlim + resource; |
| 3377 | 3378 | ||
| 3378 | /* Control the ability to change the hard limit (whether | 3379 | /* Control the ability to change the hard limit (whether |
| 3379 | lowering or raising it), so that the hard limit can | 3380 | lowering or raising it), so that the hard limit can |
| 3380 | later be used as a safe reset point for the soft limit | 3381 | later be used as a safe reset point for the soft limit |
| 3381 | upon context transitions. See selinux_bprm_committing_creds. */ | 3382 | upon context transitions. See selinux_bprm_committing_creds. */ |
| 3382 | if (old_rlim->rlim_max != new_rlim->rlim_max) | 3383 | if (old_rlim->rlim_max != new_rlim->rlim_max) |
| 3383 | return current_has_perm(current, PROCESS__SETRLIMIT); | 3384 | return current_has_perm(p, PROCESS__SETRLIMIT); |
| 3384 | 3385 | ||
| 3385 | return 0; | 3386 | return 0; |
| 3386 | } | 3387 | } |