[PATCH][LSM] Early init for security modules and various cleanups

From: Chris Wright (chrisat_private)
Date: Mon Jun 02 2003 - 02:54:50 PDT

  • Next message: Chris Wright: "Re: [PATCH][LSM] Early init for security modules and various cleanups"

    # This is a BitKeeper generated patch for the following project:
    # Project Name: Linux kernel tree
    # This patch format is intended for GNU patch command version 2.5 or higher.
    # This patch includes the following deltas:
    #	           ChangeSet	1.1259  -> 1.1260 
    #	       mm/oom_kill.c	1.23    -> 1.24   
    #	include/linux/security.h	1.21    -> 1.22   
    #
    # The following is the BitKeeper ChangeSet Log
    # --------------------------------------------
    # 03/06/02	sdsat_private	1.1260
    # [LSM] Replaced the direct capability bit tests with calls to the
    # security_capable hook in mm/oom_kill.c
    # --------------------------------------------
    #
    diff -Nru a/include/linux/security.h b/include/linux/security.h
    --- a/include/linux/security.h	Mon Jun  2 01:30:56 2003
    +++ b/include/linux/security.h	Mon Jun  2 01:30:56 2003
    @@ -1231,6 +1231,11 @@
     	return security_ops->sysctl(table, op);
     }
     
    +static inline int security_capable(struct task_struct * tsk, int cap)
    +{
    +	return security_ops->capable(tsk, cap);
    +}
    +
     static inline int security_quotactl (int cmds, int type, int id,
     				     struct super_block *sb)
     {
    @@ -1894,6 +1899,11 @@
     static inline int security_sysctl(ctl_table * table, int op)
     {
     	return 0;
    +}
    +
    +static inline int security_capable(struct task_struct * tsk, int cap)
    +{
    +	return cap_capable(tsk, cap);
     }
     
     static inline int security_quotactl (int cmds, int type, int id,
    diff -Nru a/mm/oom_kill.c b/mm/oom_kill.c
    --- a/mm/oom_kill.c	Mon Jun  2 01:30:56 2003
    +++ b/mm/oom_kill.c	Mon Jun  2 01:30:56 2003
    @@ -20,6 +20,7 @@
     #include <linux/swap.h>
     #include <linux/timex.h>
     #include <linux/jiffies.h>
    +#include <linux/security.h>
     
     /* #define DEBUG */
     
    @@ -91,7 +92,7 @@
     	 * Superuser processes are usually more important, so we make it
     	 * less likely that we kill those.
     	 */
    -	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
    +	if (!security_capable(p,CAP_SYS_ADMIN) ||
     				p->uid == 0 || p->euid == 0)
     		points /= 4;
     
    @@ -101,7 +102,7 @@
     	 * tend to only have this flag set on applications they think
     	 * of as important.
     	 */
    -	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
    +	if (!security_capable(p,CAP_SYS_RAWIO))
     		points /= 4;
     #ifdef DEBUG
     	printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
    @@ -154,7 +155,7 @@
     	p->flags |= PF_MEMALLOC | PF_MEMDIE;
     
     	/* This process has hardware access, be more careful. */
    -	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
    +	if (!security_capable(p,CAP_SYS_RAWIO)) {
     		force_sig(SIGTERM, p);
     	} else {
     		force_sig(SIGKILL, p);
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Jun 02 2003 - 02:58:16 PDT