diff options
author | Matt Mackall <mpm@selenic.com> | 2005-05-01 11:59:00 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-05-01 11:59:00 -0400 |
commit | e43379f10b42194b8a6e1de342cfb44463c0f6da (patch) | |
tree | bf6463200dc7e14f266b7f12807c7cbfbb6700c2 /kernel | |
parent | 9fc1427a01a9df3605e219c6de0c59c4639209a1 (diff) |
[PATCH] nice and rt-prio rlimits
Add a pair of rlimits for allowing non-root tasks to raise nice and rt
priorities. Defaults to traditional behavior. Originally written by
Chris Wright.
The patch implements a simple rlimit ceiling for the RT (and nice) priorities
a task can set. The rlimit defaults to 0, meaning no change in behavior by
default. A value of 50 means RT priority levels 1-50 are allowed. A value of
100 means all 99 privilege levels from 1 to 99 are allowed. CAP_SYS_NICE is
blanket permission.
(akpm: see http://www.uwsg.iu.edu/hypermail/linux/kernel/0503.1/1921.html for
tips on integrating this with PAM).
Signed-off-by: Matt Mackall <mpm@selenic.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/sched.c | 25 | ||||
-rw-r--r-- | kernel/sys.c | 2 |
2 files changed, 20 insertions, 7 deletions
diff --git a/kernel/sched.c b/kernel/sched.c index 9bb7489ee645..5dadcc6df7dd 100644 --- a/kernel/sched.c +++ b/kernel/sched.c | |||
@@ -3223,6 +3223,19 @@ out_unlock: | |||
3223 | 3223 | ||
3224 | EXPORT_SYMBOL(set_user_nice); | 3224 | EXPORT_SYMBOL(set_user_nice); |
3225 | 3225 | ||
3226 | /* | ||
3227 | * can_nice - check if a task can reduce its nice value | ||
3228 | * @p: task | ||
3229 | * @nice: nice value | ||
3230 | */ | ||
3231 | int can_nice(const task_t *p, const int nice) | ||
3232 | { | ||
3233 | /* convert nice value [19,-20] to rlimit style value [0,39] */ | ||
3234 | int nice_rlim = 19 - nice; | ||
3235 | return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur || | ||
3236 | capable(CAP_SYS_NICE)); | ||
3237 | } | ||
3238 | |||
3226 | #ifdef __ARCH_WANT_SYS_NICE | 3239 | #ifdef __ARCH_WANT_SYS_NICE |
3227 | 3240 | ||
3228 | /* | 3241 | /* |
@@ -3242,12 +3255,8 @@ asmlinkage long sys_nice(int increment) | |||
3242 | * We don't have to worry. Conceptually one call occurs first | 3255 | * We don't have to worry. Conceptually one call occurs first |
3243 | * and we have a single winner. | 3256 | * and we have a single winner. |
3244 | */ | 3257 | */ |
3245 | if (increment < 0) { | 3258 | if (increment < -40) |
3246 | if (!capable(CAP_SYS_NICE)) | 3259 | increment = -40; |
3247 | return -EPERM; | ||
3248 | if (increment < -40) | ||
3249 | increment = -40; | ||
3250 | } | ||
3251 | if (increment > 40) | 3260 | if (increment > 40) |
3252 | increment = 40; | 3261 | increment = 40; |
3253 | 3262 | ||
@@ -3257,6 +3266,9 @@ asmlinkage long sys_nice(int increment) | |||
3257 | if (nice > 19) | 3266 | if (nice > 19) |
3258 | nice = 19; | 3267 | nice = 19; |
3259 | 3268 | ||
3269 | if (increment < 0 && !can_nice(current, nice)) | ||
3270 | return -EPERM; | ||
3271 | |||
3260 | retval = security_task_setnice(current, nice); | 3272 | retval = security_task_setnice(current, nice); |
3261 | if (retval) | 3273 | if (retval) |
3262 | return retval; | 3274 | return retval; |
@@ -3372,6 +3384,7 @@ recheck: | |||
3372 | return -EINVAL; | 3384 | return -EINVAL; |
3373 | 3385 | ||
3374 | if ((policy == SCHED_FIFO || policy == SCHED_RR) && | 3386 | if ((policy == SCHED_FIFO || policy == SCHED_RR) && |
3387 | param->sched_priority > p->signal->rlim[RLIMIT_RTPRIO].rlim_cur && | ||
3375 | !capable(CAP_SYS_NICE)) | 3388 | !capable(CAP_SYS_NICE)) |
3376 | return -EPERM; | 3389 | return -EPERM; |
3377 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 3390 | if ((current->euid != p->euid) && (current->euid != p->uid) && |
diff --git a/kernel/sys.c b/kernel/sys.c index df2ddcc6863b..7f43d6e62c7a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
@@ -227,7 +227,7 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) | |||
227 | error = -EPERM; | 227 | error = -EPERM; |
228 | goto out; | 228 | goto out; |
229 | } | 229 | } |
230 | if (niceval < task_nice(p) && !capable(CAP_SYS_NICE)) { | 230 | if (niceval < task_nice(p) && !can_nice(p, niceval)) { |
231 | error = -EACCES; | 231 | error = -EACCES; |
232 | goto out; | 232 | goto out; |
233 | } | 233 | } |