diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:12 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:12 -0500 |
| commit | 76aac0e9a17742e60d408be1a706e9aaad370891 (patch) | |
| tree | e873a000d9c96209726e0958e311f005c13b2ed5 /kernel/sched.c | |
| parent | b103c59883f1ec6e4d548b25054608cb5724453c (diff) | |
CRED: Wrap task credential accesses in the core kernel
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.
Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-audit@redhat.com
Cc: containers@lists.linux-foundation.org
Cc: linux-mm@kvack.org
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/sched.c')
| -rw-r--r-- | kernel/sched.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/kernel/sched.c b/kernel/sched.c index e8819bc6f462..c3b8b1fcde0d 100644 --- a/kernel/sched.c +++ b/kernel/sched.c | |||
| @@ -5128,6 +5128,7 @@ static int __sched_setscheduler(struct task_struct *p, int policy, | |||
| 5128 | unsigned long flags; | 5128 | unsigned long flags; |
| 5129 | const struct sched_class *prev_class = p->sched_class; | 5129 | const struct sched_class *prev_class = p->sched_class; |
| 5130 | struct rq *rq; | 5130 | struct rq *rq; |
| 5131 | uid_t euid; | ||
| 5131 | 5132 | ||
| 5132 | /* may grab non-irq protected spin_locks */ | 5133 | /* may grab non-irq protected spin_locks */ |
| 5133 | BUG_ON(in_interrupt()); | 5134 | BUG_ON(in_interrupt()); |
| @@ -5180,8 +5181,9 @@ recheck: | |||
| 5180 | return -EPERM; | 5181 | return -EPERM; |
| 5181 | 5182 | ||
| 5182 | /* can't change other user's priorities */ | 5183 | /* can't change other user's priorities */ |
| 5183 | if ((current->euid != p->euid) && | 5184 | euid = current_euid(); |
| 5184 | (current->euid != p->uid)) | 5185 | if (euid != p->euid && |
| 5186 | euid != p->uid) | ||
| 5185 | return -EPERM; | 5187 | return -EPERM; |
| 5186 | } | 5188 | } |
| 5187 | 5189 | ||
| @@ -5392,6 +5394,7 @@ long sched_setaffinity(pid_t pid, const cpumask_t *in_mask) | |||
| 5392 | cpumask_t cpus_allowed; | 5394 | cpumask_t cpus_allowed; |
| 5393 | cpumask_t new_mask = *in_mask; | 5395 | cpumask_t new_mask = *in_mask; |
| 5394 | struct task_struct *p; | 5396 | struct task_struct *p; |
| 5397 | uid_t euid; | ||
| 5395 | int retval; | 5398 | int retval; |
| 5396 | 5399 | ||
| 5397 | get_online_cpus(); | 5400 | get_online_cpus(); |
| @@ -5412,9 +5415,9 @@ long sched_setaffinity(pid_t pid, const cpumask_t *in_mask) | |||
| 5412 | get_task_struct(p); | 5415 | get_task_struct(p); |
| 5413 | read_unlock(&tasklist_lock); | 5416 | read_unlock(&tasklist_lock); |
| 5414 | 5417 | ||
| 5418 | euid = current_euid(); | ||
| 5415 | retval = -EPERM; | 5419 | retval = -EPERM; |
| 5416 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 5420 | if (euid != p->euid && euid != p->uid && !capable(CAP_SYS_NICE)) |
| 5417 | !capable(CAP_SYS_NICE)) | ||
| 5418 | goto out_unlock; | 5421 | goto out_unlock; |
| 5419 | 5422 | ||
| 5420 | retval = security_task_setscheduler(p, 0, NULL); | 5423 | retval = security_task_setscheduler(p, 0, NULL); |