Commit 8a6f1605 authored by Stephen D. Smalley's avatar Stephen D. Smalley Committed by Linus Torvalds

[PATCH] SELinux: update selinux_task_setscheduler

This patch updates the selinux_task_setscheduler hook function to use the
standard helper for task permission checks since it is now safe to audit from
this hook (due to the upstream change to setscheduler() to not hold the
runqueue lock during the security hook call).
Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 260cac59
...@@ -2686,16 +2686,7 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim ...@@ -2686,16 +2686,7 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp) static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
{ {
struct task_security_struct *tsec1, *tsec2; return task_has_perm(current, p, PROCESS__SETSCHED);
tsec1 = current->security;
tsec2 = p->security;
/* No auditing from the setscheduler hook, since the runqueue lock
is held and the system will deadlock if we try to log an audit
message. */
return avc_has_perm_noaudit(tsec1->sid, tsec2->sid,
SECCLASS_PROCESS, PROCESS__SETSCHED, NULL);
} }
static int selinux_task_getscheduler(struct task_struct *p) static int selinux_task_getscheduler(struct task_struct *p)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment