]> err.no Git - linux-2.6/commitdiff
[PATCH] SELinux: add security_task_movememory calls to mm code
authorDavid Quigley <dpquigl@tycho.nsa.gov>
Fri, 23 Jun 2006 09:04:02 +0000 (02:04 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Fri, 23 Jun 2006 14:42:54 +0000 (07:42 -0700)
This patch inserts security_task_movememory hook calls into memory management
code to enable security modules to mediate this operation between tasks.

Since the last posting, the hook has been renamed following feedback from
Christoph Lameter.

Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Andi Kleen <ak@muc.de>
Acked-by: Christoph Lameter <clameter@sgi.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
mm/mempolicy.c
mm/migrate.c

index 05b84acf0bb33ad20ccf9914c23d883a8c42d01c..ec4a1a950df9eb60b71f2c12582ac3cde9d23fb9 100644 (file)
@@ -88,6 +88,7 @@
 #include <linux/proc_fs.h>
 #include <linux/migrate.h>
 #include <linux/rmap.h>
+#include <linux/security.h>
 
 #include <asm/tlbflush.h>
 #include <asm/uaccess.h>
@@ -942,6 +943,10 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode,
                goto out;
        }
 
+       err = security_task_movememory(task);
+       if (err)
+               goto out;
+
        err = do_migrate_pages(mm, &old, &new,
                capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
 out:
index 033a12f4c9499657aa07b10860484757291cc0d0..1c2a71aa05cd425a2863a1abc20f1ea6f7636085 100644 (file)
@@ -27,6 +27,7 @@
 #include <linux/writeback.h>
 #include <linux/mempolicy.h>
 #include <linux/vmalloc.h>
+#include <linux/security.h>
 
 #include "internal.h"
 
@@ -905,6 +906,11 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages,
                goto out2;
        }
 
+       err = security_task_movememory(task);
+       if (err)
+               goto out2;
+
+
        task_nodes = cpuset_mems_allowed(task);
 
        /* Limit nr_pages so that the multiplication may not overflow */