[PATCH][LSM] Early init for security modules and various cleanups

From: Chris Wright (chrisat_private)
Date: Mon Jun 02 2003 - 02:54:50 PDT

  • Next message: Chris Wright: "Re: [PATCH][LSM] Early init for security modules and various cleanups" 

    # This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
#	           ChangeSet	1.1259  -> 1.1260 
#	       mm/oom_kill.c	1.23    -> 1.24   
#	include/linux/security.h	1.21    -> 1.22   
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/06/02	sdsat_private	1.1260
# [LSM] Replaced the direct capability bit tests with calls to the
# security_capable hook in mm/oom_kill.c
# --------------------------------------------
#
diff -Nru a/include/linux/security.h b/include/linux/security.h
--- a/include/linux/security.h	Mon Jun  2 01:30:56 2003
+++ b/include/linux/security.h	Mon Jun  2 01:30:56 2003
@@ -1231,6 +1231,11 @@
 	return security_ops->sysctl(table, op);
 }
 
+static inline int security_capable(struct task_struct * tsk, int cap)
+{
+	return security_ops->capable(tsk, cap);
+}
+
 static inline int security_quotactl (int cmds, int type, int id,
 				     struct super_block *sb)
 {
@@ -1894,6 +1899,11 @@
 static inline int security_sysctl(ctl_table * table, int op)
 {
 	return 0;
+}
+
+static inline int security_capable(struct task_struct * tsk, int cap)
+{
+	return cap_capable(tsk, cap);
 }
 
 static inline int security_quotactl (int cmds, int type, int id,
diff -Nru a/mm/oom_kill.c b/mm/oom_kill.c
--- a/mm/oom_kill.c	Mon Jun  2 01:30:56 2003
+++ b/mm/oom_kill.c	Mon Jun  2 01:30:56 2003
@@ -20,6 +20,7 @@
 #include <linux/swap.h>
 #include <linux/timex.h>
 #include <linux/jiffies.h>
+#include <linux/security.h>
 
 /* #define DEBUG */
 
@@ -91,7 +92,7 @@
 	 * Superuser processes are usually more important, so we make it
 	 * less likely that we kill those.
 	 */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
+	if (!security_capable(p,CAP_SYS_ADMIN) ||
 				p->uid == 0 || p->euid == 0)
 		points /= 4;
 
@@ -101,7 +102,7 @@
 	 * tend to only have this flag set on applications they think
 	 * of as important.
 	 */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
+	if (!security_capable(p,CAP_SYS_RAWIO))
 		points /= 4;
 #ifdef DEBUG
 	printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
@@ -154,7 +155,7 @@
 	p->flags |= PF_MEMALLOC | PF_MEMDIE;
 
 	/* This process has hardware access, be more careful. */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
+	if (!security_capable(p,CAP_SYS_RAWIO)) {
 		force_sig(SIGTERM, p);
 	} else {
 		force_sig(SIGKILL, p);
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

    This archive was generated by hypermail 2b30 : Mon Jun 02 2003 - 02:58:16 PDT