[PATCH] SELinux: add security hooks to {get,set}affinity
This patch adds LSM hooks into the setaffinity and getaffinity functions to enable security modules to control these operations between tasks with task_setscheduler and task_getscheduler LSM hooks. Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
03e6806063
commit
e7834f8fcc
1 changed files with 8 additions and 1 deletions
|
@ -3886,6 +3886,10 @@ long sched_setaffinity(pid_t pid, cpumask_t new_mask)
|
|||
!capable(CAP_SYS_NICE))
|
||||
goto out_unlock;
|
||||
|
||||
retval = security_task_setscheduler(p, 0, NULL);
|
||||
if (retval)
|
||||
goto out_unlock;
|
||||
|
||||
cpus_allowed = cpuset_cpus_allowed(p);
|
||||
cpus_and(new_mask, new_mask, cpus_allowed);
|
||||
retval = set_cpus_allowed(p, new_mask);
|
||||
|
@ -3954,7 +3958,10 @@ long sched_getaffinity(pid_t pid, cpumask_t *mask)
|
|||
if (!p)
|
||||
goto out_unlock;
|
||||
|
||||
retval = 0;
|
||||
retval = security_task_getscheduler(p);
|
||||
if (retval)
|
||||
goto out_unlock;
|
||||
|
||||
cpus_and(*mask, p->cpus_allowed, cpu_online_map);
|
||||
|
||||
out_unlock:
|
||||
|
|
Loading…
Reference in a new issue