aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorMatt Mackall <mpm@selenic.com>2005-05-01 11:59:00 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-05-01 11:59:00 -0400
commite43379f10b42194b8a6e1de342cfb44463c0f6da (patch)
treebf6463200dc7e14f266b7f12807c7cbfbb6700c2 /kernel
parent9fc1427a01a9df3605e219c6de0c59c4639209a1 (diff)
[PATCH] nice and rt-prio rlimits
Add a pair of rlimits for allowing non-root tasks to raise nice and rt priorities. Defaults to traditional behavior. Originally written by Chris Wright. The patch implements a simple rlimit ceiling for the RT (and nice) priorities a task can set. The rlimit defaults to 0, meaning no change in behavior by default. A value of 50 means RT priority levels 1-50 are allowed. A value of 100 means all 99 privilege levels from 1 to 99 are allowed. CAP_SYS_NICE is blanket permission. (akpm: see http://www.uwsg.iu.edu/hypermail/linux/kernel/0503.1/1921.html for tips on integrating this with PAM). Signed-off-by: Matt Mackall <mpm@selenic.com> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/sched.c25
-rw-r--r--kernel/sys.c2
2 files changed, 20 insertions, 7 deletions
diff --git a/kernel/sched.c b/kernel/sched.c
index 9bb7489ee645..5dadcc6df7dd 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -3223,6 +3223,19 @@ out_unlock:
3223 3223
3224EXPORT_SYMBOL(set_user_nice); 3224EXPORT_SYMBOL(set_user_nice);
3225 3225
3226/*
3227 * can_nice - check if a task can reduce its nice value
3228 * @p: task
3229 * @nice: nice value
3230 */
3231int can_nice(const task_t *p, const int nice)
3232{
3233 /* convert nice value [19,-20] to rlimit style value [0,39] */
3234 int nice_rlim = 19 - nice;
3235 return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
3236 capable(CAP_SYS_NICE));
3237}
3238
3226#ifdef __ARCH_WANT_SYS_NICE 3239#ifdef __ARCH_WANT_SYS_NICE
3227 3240
3228/* 3241/*
@@ -3242,12 +3255,8 @@ asmlinkage long sys_nice(int increment)
3242 * We don't have to worry. Conceptually one call occurs first 3255 * We don't have to worry. Conceptually one call occurs first
3243 * and we have a single winner. 3256 * and we have a single winner.
3244 */ 3257 */
3245 if (increment < 0) { 3258 if (increment < -40)
3246 if (!capable(CAP_SYS_NICE)) 3259 increment = -40;
3247 return -EPERM;
3248 if (increment < -40)
3249 increment = -40;
3250 }
3251 if (increment > 40) 3260 if (increment > 40)
3252 increment = 40; 3261 increment = 40;
3253 3262
@@ -3257,6 +3266,9 @@ asmlinkage long sys_nice(int increment)
3257 if (nice > 19) 3266 if (nice > 19)
3258 nice = 19; 3267 nice = 19;
3259 3268
3269 if (increment < 0 && !can_nice(current, nice))
3270 return -EPERM;
3271
3260 retval = security_task_setnice(current, nice); 3272 retval = security_task_setnice(current, nice);
3261 if (retval) 3273 if (retval)
3262 return retval; 3274 return retval;
@@ -3372,6 +3384,7 @@ recheck:
3372 return -EINVAL; 3384 return -EINVAL;
3373 3385
3374 if ((policy == SCHED_FIFO || policy == SCHED_RR) && 3386 if ((policy == SCHED_FIFO || policy == SCHED_RR) &&
3387 param->sched_priority > p->signal->rlim[RLIMIT_RTPRIO].rlim_cur &&
3375 !capable(CAP_SYS_NICE)) 3388 !capable(CAP_SYS_NICE))
3376 return -EPERM; 3389 return -EPERM;
3377 if ((current->euid != p->euid) && (current->euid != p->uid) && 3390 if ((current->euid != p->euid) && (current->euid != p->uid) &&
diff --git a/kernel/sys.c b/kernel/sys.c
index df2ddcc6863b..7f43d6e62c7a 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -227,7 +227,7 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
227 error = -EPERM; 227 error = -EPERM;
228 goto out; 228 goto out;
229 } 229 }
230 if (niceval < task_nice(p) && !capable(CAP_SYS_NICE)) { 230 if (niceval < task_nice(p) && !can_nice(p, niceval)) {
231 error = -EACCES; 231 error = -EACCES;
232 goto out; 232 goto out;
233 } 233 }