author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-28 14:43:54 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-28 14:43:54 -0500 |
commit | bb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch) | |
tree | c7867af2bb4ff0feae889183efcd4d79b0f9a325 /mm/mempolicy.c | |
parent | e14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff) | |
parent | cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits)
SELinux: don't check permissions for kernel mounts
security: pass mount flags to security_sb_kern_mount()
SELinux: correctly detect proc filesystems of the form "proc/foo"
Audit: Log TIOCSTI
user namespaces: document CFS behavior
user namespaces: require cap_set{ug}id for CLONE_NEWUSER
user namespaces: let user_ns be cloned with fairsched
CRED: fix sparse warnings
User namespaces: use the current_user_ns() macro
User namespaces: set of cleanups (v2)
nfsctl: add headers for credentials
coda: fix creds reference
capabilities: define get_vfs_caps_from_disk when file caps are not enabled
CRED: Allow kernel services to override LSM settings for task actions
CRED: Add a kernel_service object class to SELinux
CRED: Differentiate objective and effective subjective credentials on a task
CRED: Documentation
CRED: Use creds in file structs
CRED: Prettify commoncap.c
CRED: Make execve() take advantage of copy-on-write credentials
...
Diffstat (limited to 'mm/mempolicy.c')
-rw-r--r-- | mm/mempolicy.c | 9 |
1 files changed, 7 insertions, 2 deletions
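--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1114,6 +1114,7 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode,
 const unsigned long __user *old_nodes,
 const unsigned long __user *new_nodes)
 {
+const struct cred *cred = current_cred(), *tcred;
 struct mm_struct *mm;
 struct task_struct *task;
 nodemask_t old;
@@ -1148,12 +1149,16 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode,
 * capabilities, superuser privileges or the same
 * userid as the target process.
 */
-if ((current->euid != task->suid) && (current->euid != task->uid) &&
-(current->uid != task->suid) && (current->uid != task->uid) &&
+rcu_read_lock();
+tcred = __task_cred(task);
+if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
+cred->uid != tcred->suid && cred->uid != tcred->uid &&
 !capable(CAP_SYS_NICE)) {
+rcu_read_unlock();
 err = -EPERM;
 goto out;
 }
+rcu_read_unlock();
 
 task_nodes = cpuset_mems_allowed(task);
 /* Is the user allowed to access the target nodes? */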
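Review bot: The `__task_cred(task)` dereference in the second hunk is only safe if `task` itself cannot be freed at this point, and nothing in the visible lines shows a reference being held on it; `rcu_read_lock()` here protects the credential structure, not a task pointer obtained earlier outside this read-side section. The function body starts and ends outside both hunks, so this may already be handled, but if `task` was looked up under a lock that has since been dropped, a `get_task_struct(task)` at lookup paired with a `put_task_struct(task)` on exit would be needed, which would also cover the later `cpuset_mems_allowed(task)` call. The uid comparison is a snapshot, since the target can change credentials right after `rcu_read_unlock()`, so a comment such as `/* tcred is only valid inside the RCU read section; this is a point-in-time check */` would help the next reader. As a style point, evaluating the uid match into a local under the lock and unlocking once would remove the duplicated `rcu_read_unlock()` on the `-EPERM` path.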