diff options
author | David Quigley <dpquigl@tycho.nsa.gov> | 2006-06-23 05:03:59 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-23 10:42:53 -0400 |
commit | e7834f8fccd791225a1cf91c2c3e740ad8e2e145 (patch) | |
tree | 8f48d03d7b1dc32d326825fef1d1c54117a06ac8 | |
parent | 03e68060636e05989ea94bcb671ab633948f328c (diff) |
[PATCH] SELinux: add security hooks to {get,set}affinity
This patch adds LSM hooks into the setaffinity and getaffinity functions to
enable security modules to control these operations between tasks with
task_setscheduler and task_getscheduler LSM hooks.
Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | kernel/sched.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/kernel/sched.c b/kernel/sched.c index c13f1bd2df7d..87665132cec1 100644 --- a/kernel/sched.c +++ b/kernel/sched.c | |||
@@ -3886,6 +3886,10 @@ long sched_setaffinity(pid_t pid, cpumask_t new_mask) | |||
3886 | !capable(CAP_SYS_NICE)) | 3886 | !capable(CAP_SYS_NICE)) |
3887 | goto out_unlock; | 3887 | goto out_unlock; |
3888 | 3888 | ||
3889 | retval = security_task_setscheduler(p, 0, NULL); | ||
3890 | if (retval) | ||
3891 | goto out_unlock; | ||
3892 | |||
3889 | cpus_allowed = cpuset_cpus_allowed(p); | 3893 | cpus_allowed = cpuset_cpus_allowed(p); |
3890 | cpus_and(new_mask, new_mask, cpus_allowed); | 3894 | cpus_and(new_mask, new_mask, cpus_allowed); |
3891 | retval = set_cpus_allowed(p, new_mask); | 3895 | retval = set_cpus_allowed(p, new_mask); |
@@ -3954,7 +3958,10 @@ long sched_getaffinity(pid_t pid, cpumask_t *mask) | |||
3954 | if (!p) | 3958 | if (!p) |
3955 | goto out_unlock; | 3959 | goto out_unlock; |
3956 | 3960 | ||
3957 | retval = 0; | 3961 | retval = security_task_getscheduler(p); |
3962 | if (retval) | ||
3963 | goto out_unlock; | ||
3964 | |||
3958 | cpus_and(*mask, p->cpus_allowed, cpu_online_map); | 3965 | cpus_and(*mask, p->cpus_allowed, cpu_online_map); |
3959 | 3966 | ||
3960 | out_unlock: | 3967 | out_unlock: |