[PATCH] Allow user processes to raise their oom_adj value

Currently a user process cannot rise its own oom_adj value (i.e.
unprotecting itself from the OOM killer).  As this value is stored in the
task structure it gets inherited and the unprivileged childs will be unable
to rise it.

The EPERM will be handled by the generic proc fs layer, as only processes
with the proper caps or the owner of the process will be able to write to
the file.  So we allow only the processes with CAP_SYS_RESOURCE to lower
the value, otherwise it will get an EACCES which seems more appropriate
than EPERM.

Signed-off-by: Guillem Jover <guillem.jover@nokia.com>
Acked-by: Andrea Arcangeli <andrea@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 4 insertions, 2 deletions

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 795319c54f72..05ace70d051a 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -683,8 +683,6 @@ static ssize_t oom_adjust_write(struct file *file, const char __user *buf,
         char buffer[PROC_NUMBUF], *end;
         int oom_adjust;
 
-        if (!capable(CAP_SYS_RESOURCE))
-                return -EPERM;
         memset(buffer, 0, sizeof(buffer));
         if (count > sizeof(buffer) - 1)
                 count = sizeof(buffer) - 1;
@@ -699,6 +697,10 @@ static ssize_t oom_adjust_write(struct file *file, const char __user *buf,
         task = get_proc_task(file->f_dentry->d_inode);
         if (!task)
                 return -ESRCH;
+        if (oom_adjust < task->oomkilladj && !capable(CAP_SYS_RESOURCE)) {
+                put_task_struct(task);
+                return -EACCES;
+        }
         task->oomkilladj = oom_adjust;
         put_task_struct(task);
         if (end - buffer == 0)