Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 12 |
1 files changed, 8 insertions, 4 deletions
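--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2284,12 +2284,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
 PROCESS__RLIMITINH, NULL);
 if (rc) {
+/* protect against do_prlimit() */
+task_lock(current);
 for (i = 0; i < RLIM_NLIMITS; i++) {
 rlim = current->signal->rlim + i;
 initrlim = init_task.signal->rlim + i;
 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
 }
-update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);
+task_unlock(current);
+update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
 }
 }
 
@@ -3333,16 +3336,17 @@ static int selinux_task_getioprio(struct task_struct *p)
 return current_has_perm(p, PROCESS__GETSCHED);
 }
 
-static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
+struct rlimit *new_rlim)
 {
-struct rlimit *old_rlim = current->signal->rlim + resource;
+struct rlimit *old_rlim = p->signal->rlim + resource;
 
 /* Control the ability to change the hard limit (whether
 lowering or raising it), so that the hard limit can
 later be used as a safe reset point for the soft limit
 upon context transitions. See selinux_bprm_committing_creds. */
 if (old_rlim->rlim_max != new_rlim->rlim_max)
 return current_has_perm(p, PROCESS__SETRLIMIT);
 
 return 0;
 }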
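Review bot: selinux_task_setrlimit() now reads `p->signal->rlim + resource` for a task that may not be `current`, but the hook takes no lock itself and nothing in the function states what keeps `old_rlim->rlim_max` stable while it is compared. The first hunk's new comment shows that rlimit updates are expected to be serialised by task_lock() against do_prlimit(), so the hook presumably relies on its caller holding that lock on the target; the callers are outside this page, so that should be confirmed. I would record the contract above the declaration of `old_rlim`, for example `/* Caller holds task_lock() on p; p may differ from current, so PROCESS__SETRLIMIT is checked from current to p. */`. The existing comment still describes only the hard-limit rationale and does not mention that the permission check is now between the caller and the target task rather than a self check, which affects how policy for `setrlimit` must be written.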