rlimits: selinux, do rlimits changes under task_lock
When doing an exec, selinux updates rlimits in its code of current process depending on current max. Make sure max or cur doesn't change in the meantime by grabbing task_lock which do_prlimit needs for changing limits too. While at it, use rlimit helper for accessing CPU rlimit a line below. To have a volatile access too. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Oleg Nesterov <oleg@redhat.com>
This commit is contained in:
parent
2fb9d2689a
commit
eb2d55a32b
1 changed files with 4 additions and 2 deletions
|
@ -2333,13 +2333,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
|
|||
rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
|
||||
PROCESS__RLIMITINH, NULL);
|
||||
if (rc) {
|
||||
/* protect against do_prlimit() */
|
||||
task_lock(current);
|
||||
for (i = 0; i < RLIM_NLIMITS; i++) {
|
||||
rlim = current->signal->rlim + i;
|
||||
initrlim = init_task.signal->rlim + i;
|
||||
rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
|
||||
}
|
||||
update_rlimit_cpu(current,
|
||||
current->signal->rlim[RLIMIT_CPU].rlim_cur);
|
||||
task_unlock(current);
|
||||
update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue