diff options
-rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index afb18a9ebba1..2a8a0a915ff3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -2333,13 +2333,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | |||
2333 | rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, | 2333 | rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, |
2334 | PROCESS__RLIMITINH, NULL); | 2334 | PROCESS__RLIMITINH, NULL); |
2335 | if (rc) { | 2335 | if (rc) { |
2336 | /* protect against do_prlimit() */ | ||
2337 | task_lock(current); | ||
2336 | for (i = 0; i < RLIM_NLIMITS; i++) { | 2338 | for (i = 0; i < RLIM_NLIMITS; i++) { |
2337 | rlim = current->signal->rlim + i; | 2339 | rlim = current->signal->rlim + i; |
2338 | initrlim = init_task.signal->rlim + i; | 2340 | initrlim = init_task.signal->rlim + i; |
2339 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | 2341 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); |
2340 | } | 2342 | } |
2341 | update_rlimit_cpu(current, | 2343 | task_unlock(current); |
2342 | current->signal->rlim[RLIMIT_CPU].rlim_cur); | 2344 | update_rlimit_cpu(current, rlimit(RLIMIT_CPU)); |
2343 | } | 2345 | } |
2344 | } | 2346 | } |
2345 | 2347 | ||