提交 e7834f8f 编写于 作者: D David Quigley 提交者: Linus Torvalds

[PATCH] SELinux: add security hooks to {get,set}affinity

This patch adds LSM hooks into the setaffinity and getaffinity functions to
enable security modules to control these operations between tasks with
task_setscheduler and task_getscheduler LSM hooks.
Signed-off-by: NDavid Quigley <dpquigl@tycho.nsa.gov>
Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: NJames Morris <jmorris@namei.org>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
上级 03e68060
...@@ -3886,6 +3886,10 @@ long sched_setaffinity(pid_t pid, cpumask_t new_mask) ...@@ -3886,6 +3886,10 @@ long sched_setaffinity(pid_t pid, cpumask_t new_mask)
!capable(CAP_SYS_NICE)) !capable(CAP_SYS_NICE))
goto out_unlock; goto out_unlock;
retval = security_task_setscheduler(p, 0, NULL);
if (retval)
goto out_unlock;
cpus_allowed = cpuset_cpus_allowed(p); cpus_allowed = cpuset_cpus_allowed(p);
cpus_and(new_mask, new_mask, cpus_allowed); cpus_and(new_mask, new_mask, cpus_allowed);
retval = set_cpus_allowed(p, new_mask); retval = set_cpus_allowed(p, new_mask);
...@@ -3954,7 +3958,10 @@ long sched_getaffinity(pid_t pid, cpumask_t *mask) ...@@ -3954,7 +3958,10 @@ long sched_getaffinity(pid_t pid, cpumask_t *mask)
if (!p) if (!p)
goto out_unlock; goto out_unlock;
retval = 0; retval = security_task_getscheduler(p);
if (retval)
goto out_unlock;
cpus_and(*mask, p->cpus_allowed, cpu_online_map); cpus_and(*mask, p->cpus_allowed, cpu_online_map);
out_unlock: out_unlock:
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册