[PATCH 1/2] SELinux: Add security hooks to {get,set}affinity

From: James Morris
Date: Wed Jun 21 2006 - 00:28:10 EST


From: David Quigley <dpquigl@xxxxxxxxxxxxx>

This patch adds LSM hooks into the setaffinity and getaffinity functions
to enable security modules to control these operations between tasks with
different security attributes. This implementation uses the existing
task_setscheduler and task_getscheduler LSM hooks.

This is aimed at 2.6.18 inclusion to cover new code currently unmediated
by SELinux.

Please apply.

Signed-Off-By: David Quigley <dpquigl@xxxxxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Signed-off-by: James Morris <jmorris@xxxxxxxxx>

---

kernel/sched.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff -uprN -X /home/dpquigl/dontdiff linux-2.6.17-rc6-mm2/kernel/sched.c linux-2.6.17-rc6-mm2-affinity/kernel/sched.c
--- linux-2.6.17-rc6-mm2/kernel/sched.c 2006-06-15 09:46:28.000000000 -0400
+++ linux-2.6.17-rc6-mm2-affinity/kernel/sched.c 2006-06-15 09:51:55.000000000 -0400
@@ -4266,6 +4266,10 @@ long sched_setaffinity(pid_t pid, cpumas
!capable(CAP_SYS_NICE))
goto out_unlock;

+ retval = security_task_setscheduler(p, 0, NULL);
+ if (retval)
+ goto out_unlock;
+
cpus_allowed = cpuset_cpus_allowed(p);
cpus_and(new_mask, new_mask, cpus_allowed);
retval = set_cpus_allowed(p, new_mask);
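
Review bot: The call `security_task_setscheduler(p, 0, NULL)` in sched_setaffinity() passes a literal policy of 0 and a NULL param pointer, and nothing at the call site says these are placeholders. Because the hook is shared with the scheduler-policy path, a security module receives no indication that the request is an affinity change, and any module that dereferences the param argument has to tolerate NULL. Please add a short comment above the call stating that policy and param are unused for affinity, and note in the hook documentation that task_setscheduler now also mediates sched_setaffinity(), so policy authors know the same permission covers both operations. Placement after the capable(CAP_SYS_NICE) test and before cpuset_cpus_allowed() looks right: the mask is not touched when the hook denies.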
@@ -4334,7 +4338,10 @@ long sched_getaffinity(pid_t pid, cpumas
if (!p)
goto out_unlock;

- retval = 0;
+ retval = security_task_getscheduler(p);
+ if (retval)
+ goto out_unlock;
+
cpus_and(*mask, p->cpus_allowed, cpu_online_map);

out_unlock:
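
Review bot: In sched_getaffinity(), replacing `retval = 0;` with `retval = security_task_getscheduler(p);` means the success value now comes solely from the hook's return, which deserves a one-line comment since the explicit initialisation is gone. On denial the code jumps to out_unlock before `cpus_and(*mask, ...)`, so *mask is left unwritten; please confirm that callers do not copy the mask out to user space when the return value is non-zero, since that is not visible in this hunk. As with the set side, the hook documentation should state that task_getscheduler now also governs reading another task's CPU affinity.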

