authorOleg Nesterov <oleg@redhat.com>2010-06-23 16:43:32 -0400
committerJiri Slaby <jirislaby@gmail.com>2010-07-16 03:48:46 -0400
commiteb2d55a32b9a91bca0dea299eedb560bafa8b14e (patch)
tree1ba1a701c56614fc03d282b572164e1c409a0df0
parent2fb9d2689a0041b88b25bc3187eada2968e25995 (diff)
rlimits: selinux, do rlimits changes under task_lock
When doing an exec, selinux updates the rlimits of the current process in its own code, depending on the current max. Make sure neither max nor cur changes in the meantime by grabbing task_lock, which do_prlimit needs for changing limits too. While at it, use the rlimit helper for accessing the CPU rlimit a line below, so that this is a volatile access too. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Oleg Nesterov <oleg@redhat.com>
-rw-r--r--security/selinux/hooks.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index afb18a9ebba1..2a8a0a915ff3 100644
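--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2333,13 +2333,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
  rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
  PROCESS__RLIMITINH, NULL);
  if (rc) {
+ /* protect against do_prlimit() */
+ task_lock(current);
  for (i = 0; i < RLIM_NLIMITS; i++) {
  rlim = current->signal->rlim + i;
  initrlim = init_task.signal->rlim + i;
  rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
  }
- update_rlimit_cpu(current,
- current->signal->rlim[RLIMIT_CPU].rlim_cur);
+ task_unlock(current);
+ update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
  }
 }
 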
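Review bot: The new `task_lock(current)` excludes do_prlimit() only if that path takes the lock of the same task, while the limits written in the loop live in the shared `current->signal` rather than in the task itself. do_prlimit() is not visible on this page; if it locks the thread-group leader, the exclusion depends on `current` being the group leader at this point of exec, and the comment should record that, e.g. `/* protect against do_prlimit(); current is the group leader here, so this is the same lock */`. Also, `rlimit(RLIMIT_CPU)` is read after `task_unlock(current)`, so the value handed to `update_rlimit_cpu()` may already reflect a concurrent change rather than the one just written; this looks harmless if the other writer updates the CPU timer itself, but it deserves a word in the comment. The body of selinux_bprm_committing_creds() starts above the hunk.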