[PATCH] SELinux: add security hooks to {get,set}affinity

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This patch adds LSM hooks into the setaffinity and getaffinity functions to
enable security modules to control these operations between tasks with
task_setscheduler and task_getscheduler LSM hooks.

Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by

David Quigley and committed by

Linus Torvalds 20 years ago e7834f8f 03e68060

+8 -1

1 changed file

expand all

kernel

sched.c

+8 -1

kernel/sched.c

··· 3886 3886 !capable(CAP_SYS_NICE)) 3887 3887 goto out_unlock; 3888 3888 3889 + retval = security_task_setscheduler(p, 0, NULL); 3890 + if (retval) 3891 + goto out_unlock; 3892 + 3889 3893 cpus_allowed = cpuset_cpus_allowed(p); 3890 3894 cpus_and(new_mask, new_mask, cpus_allowed); 3891 3895 retval = set_cpus_allowed(p, new_mask); ··· 3958 3954 if (!p) 3959 3955 goto out_unlock; 3960 3956 3961 - retval = 0; 3957 + retval = security_task_getscheduler(p); 3958 + if (retval) 3959 + goto out_unlock; 3960 + 3962 3961 cpus_and(*mask, p->cpus_allowed, cpu_online_map); 3963 3962 3964 3963 out_unlock: