aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/capability.c3
-rw-r--r--security/security.c5
-rw-r--r--security/selinux/hooks.c12
3 files changed, 13 insertions, 7 deletions
diff --git a/security/capability.c b/security/capability.c
index a0bbf30fb6dc..95a6599a37bb 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -411,7 +411,8 @@ static int cap_task_getioprio(struct task_struct *p)
411 return 0; 411 return 0;
412} 412}
413 413
414static int cap_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) 414static int cap_task_setrlimit(struct task_struct *p, unsigned int resource,
415 struct rlimit *new_rlim)
415{ 416{
416 return 0; 417 return 0;
417} 418}
diff --git a/security/security.c b/security/security.c
index 7461b1bc296c..c53949f17d9e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -780,9 +780,10 @@ int security_task_getioprio(struct task_struct *p)
780 return security_ops->task_getioprio(p); 780 return security_ops->task_getioprio(p);
781} 781}
782 782
783int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) 783int security_task_setrlimit(struct task_struct *p, unsigned int resource,
784 struct rlimit *new_rlim)
784{ 785{
785 return security_ops->task_setrlimit(resource, new_rlim); 786 return security_ops->task_setrlimit(p, resource, new_rlim);
786} 787}
787 788
788int security_task_setscheduler(struct task_struct *p, 789int security_task_setscheduler(struct task_struct *p,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9b40f4c0ac70..42043f96e54f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2284,12 +2284,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2284 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, 2284 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2285 PROCESS__RLIMITINH, NULL); 2285 PROCESS__RLIMITINH, NULL);
2286 if (rc) { 2286 if (rc) {
2287 /* protect against do_prlimit() */
2288 task_lock(current);
2287 for (i = 0; i < RLIM_NLIMITS; i++) { 2289 for (i = 0; i < RLIM_NLIMITS; i++) {
2288 rlim = current->signal->rlim + i; 2290 rlim = current->signal->rlim + i;
2289 initrlim = init_task.signal->rlim + i; 2291 initrlim = init_task.signal->rlim + i;
2290 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); 2292 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2291 } 2293 }
2292 update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur); 2294 task_unlock(current);
2295 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2293 } 2296 }
2294} 2297}
2295 2298
@@ -3333,16 +3336,17 @@ static int selinux_task_getioprio(struct task_struct *p)
3333 return current_has_perm(p, PROCESS__GETSCHED); 3336 return current_has_perm(p, PROCESS__GETSCHED);
3334} 3337}
3335 3338
3336static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) 3339static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3340 struct rlimit *new_rlim)
3337{ 3341{
3338 struct rlimit *old_rlim = current->signal->rlim + resource; 3342 struct rlimit *old_rlim = p->signal->rlim + resource;
3339 3343
3340 /* Control the ability to change the hard limit (whether 3344 /* Control the ability to change the hard limit (whether
3341 lowering or raising it), so that the hard limit can 3345 lowering or raising it), so that the hard limit can
3342 later be used as a safe reset point for the soft limit 3346 later be used as a safe reset point for the soft limit
3343 upon context transitions. See selinux_bprm_committing_creds. */ 3347 upon context transitions. See selinux_bprm_committing_creds. */
3344 if (old_rlim->rlim_max != new_rlim->rlim_max) 3348 if (old_rlim->rlim_max != new_rlim->rlim_max)
3345 return current_has_perm(current, PROCESS__SETRLIMIT); 3349 return current_has_perm(p, PROCESS__SETRLIMIT);
3346 3350
3347 return 0; 3351 return 0;
3348} 3352}