On Mon, 2004-10-18 at 13:02, Crispin Cowan wrote:
> We (Immunix) discovered this bug a few weeks ago. At first we thought it
> was a bug in our SubDomain module, but then determined that any attempt
> to printk from within the scheduler hook was at risk of locking the kernel.
>
> John Johansen (cc'd) has prepared a patch that fixes the problem, and we
> just yesterday sent it to Andrea Arcangeli (scheduler maintainer) for
> comment.
>
> JJ, you wanna share your patch with the LSM list?

Does the patch address both the security_task_setscheduler() hook call
and the capable(CAP_SYS_NICE) calls by the setscheduler function?
SELinux was already suppressing audit from its setscheduler hook to
avoid this deadlock, but was not doing so for the CAP_SYS_NICE check.

--
Stephen Smalley <sds@private>
National Security Agency