[PATCH][LSM] Early init for security modules and various cleanups

From: Chris Wright (chris@wirex.com)
Date: Mon Jun 02 2003 - 04:54:50 EST

# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.1259 -> 1.1260
# mm/oom_kill.c 1.23 -> 1.24
# include/linux/security.h 1.21 -> 1.22
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/06/02 sds@epoch.ncsc.mil 1.1260
# [LSM] Replaced the direct capability bit tests with calls to the
# security_capable hook in mm/oom_kill.c
# --------------------------------------------
#
diff -Nru a/include/linux/security.h b/include/linux/security.h
--- a/include/linux/security.h Mon Jun 2 01:30:56 2003
+++ b/include/linux/security.h Mon Jun 2 01:30:56 2003
@@ -1231,6 +1231,11 @@
         return security_ops->sysctl(table, op);
 }
 
+static inline int security_capable(struct task_struct * tsk, int cap)
+{
+ return security_ops->capable(tsk, cap);
+}
+
 static inline int security_quotactl (int cmds, int type, int id,
                                      struct super_block *sb)
 {
@@ -1894,6 +1899,11 @@
 static inline int security_sysctl(ctl_table * table, int op)
 {
         return 0;
+}
+
+static inline int security_capable(struct task_struct * tsk, int cap)
+{
+ return cap_capable(tsk, cap);
 }
 
 static inline int security_quotactl (int cmds, int type, int id,
diff -Nru a/mm/oom_kill.c b/mm/oom_kill.c
--- a/mm/oom_kill.c Mon Jun 2 01:30:56 2003
+++ b/mm/oom_kill.c Mon Jun 2 01:30:56 2003
@@ -20,6 +20,7 @@
 #include <linux/swap.h>
 #include <linux/timex.h>
 #include <linux/jiffies.h>
+#include <linux/security.h>
 
 /* #define DEBUG */
 
@@ -91,7 +92,7 @@
          * Superuser processes are usually more important, so we make it
          * less likely that we kill those.
          */
- if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
+ if (!security_capable(p,CAP_SYS_ADMIN) ||
                                 p->uid == 0 || p->euid == 0)
                 points /= 4;
 
@@ -101,7 +102,7 @@
          * tend to only have this flag set on applications they think
          * of as important.
          */
- if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
+ if (!security_capable(p,CAP_SYS_RAWIO))
                 points /= 4;
 #ifdef DEBUG
         printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
@@ -154,7 +155,7 @@
         p->flags |= PF_MEMALLOC | PF_MEMDIE;
 
         /* This process has hardware access, be more careful. */
- if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
+ if (!security_capable(p,CAP_SYS_RAWIO)) {
                 force_sig(SIGTERM, p);
         } else {
                 force_sig(SIGKILL, p);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sat Jun 07 2003 - 22:00:16 EST