On Mon, 2004-10-18 at 17:40, John Johansen wrote:
> The patch to setscheduler moves the locking of the runqueue, until after
> the calls to capable and security_task_setscheduler, so it fixes both of
> them. I believe this to be safe, but it really needs vetting by a
> scheduler person.

I think that you need to hold the lock when extracting p->policy, and if you drop the lock for the security checks, you need to recheck that p->policy hasn't changed after you re-take the lock.

Advantage of your approach (with those fixes) is that no special handling is required by capable(CAP_SYS_NICE) and security_task_setscheduler hook implementations; they can audit immediately. But given that the audit framework does support deferred auditing via audit_log_end_irq, I'm not sure that this is going to be compelling upstream, as it makes setscheduler() very convoluted.

-- 
Stephen Smalley <sds@private>
National Security Agency
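The lock, check, recheck sequence described in the reply above, as an added user-space example (not code from the patch or from the kernel). `struct task`, `may_set`, `race_hook` and the policy values are hypothetical, and a pthread mutex stands in for the runqueue lock.

```c
#include <pthread.h>
#include <stdbool.h>

/* Hypothetical stand-in for a task; not the kernel's task_struct. */
struct task {
    pthread_mutex_t lock;  /* plays the role of the runqueue lock */
    int policy;            /* constructed values: 0 = normal, 1 = realtime */
};
static int checks_run;                   /* how often the check was made */
static void (*race_hook)(struct task *); /* simulates a concurrent setter */

static void concurrent_change(struct task *p)
{
    pthread_mutex_lock(&p->lock);
    p->policy = 1;
    pthread_mutex_unlock(&p->lock);
}

/* Hypothetical check, called unlocked so it may sleep or audit at once.
 * Assumed rule: changing a realtime task requires privilege. */
static bool may_set(struct task *p, int seen_policy, bool privileged)
{
    checks_run++;
    if (race_hook) { void (*h)(struct task *) = race_hook; race_hook = 0; h(p); }
    return seen_policy != 1 || privileged;
}

/* Returns 0 on success, -1 when the check denies the change. */
int set_policy(struct task *p, int new_policy, bool privileged)
{
    for (;;) {
        pthread_mutex_lock(&p->lock);
        int seen = p->policy;              /* extract policy under the lock */
        pthread_mutex_unlock(&p->lock);    /* drop it for the checks */
        if (!may_set(p, seen, privileged))
            return -1;
        pthread_mutex_lock(&p->lock);
        if (p->policy == seen) {           /* recheck after re-taking lock */
            p->policy = new_policy;
            pthread_mutex_unlock(&p->lock);
            return 0;
        }
        pthread_mutex_unlock(&p->lock);    /* stale check: run it again */
    }
}

int main(void)
{
    struct task t = { PTHREAD_MUTEX_INITIALIZER, 0 };
    race_hook = concurrent_change;  /* constructed race during first check */
    return set_policy(&t, 0, false) == -1 ? 0 : 1;  /* re-checked, denied */
}
```

Without the recheck, the unprivileged caller in `main` would have its change applied on the strength of a check made against the old policy value.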