aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorOleg Nesterov <[email protected]>2010-06-23 20:43:32 +0000
committerJiri Slaby <[email protected]>2010-07-16 07:48:46 +0000
commiteb2d55a32b9a91bca0dea299eedb560bafa8b14e (patch)
tree1ba1a701c56614fc03d282b572164e1c409a0df0 /security/selinux/hooks.c
parentrlimits: make sure ->rlim_max never grows in sys_setrlimit (diff)
downloadkernel-eb2d55a32b9a91bca0dea299eedb560bafa8b14e.tar.gz
kernel-eb2d55a32b9a91bca0dea299eedb560bafa8b14e.zip
rlimits: selinux, do rlimits changes under task_lock
When doing an exec, selinux updates rlimits in its code of current process depending on current max. Make sure max or cur doesn't change in the meantime by grabbing task_lock which do_prlimit needs for changing limits too. While at it, use rlimit helper for accessing CPU rlimit a line below. To have a volatile access too. Signed-off-by: Jiri Slaby <[email protected]> Cc: Oleg Nesterov <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index afb18a9ebba1..2a8a0a915ff3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2333,13 +2333,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
PROCESS__RLIMITINH, NULL);
if (rc) {
+ /* protect against do_prlimit() */
+ task_lock(current);
for (i = 0; i < RLIM_NLIMITS; i++) {
rlim = current->signal->rlim + i;
initrlim = init_task.signal->rlim + i;
rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
}
- update_rlimit_cpu(current,
- current->signal->rlim[RLIMIT_CPU].rlim_cur);
+ task_unlock(current);
+ update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
}
}
generated by cgit (git 2.51.2) at 2025-12-03 00:55:47 +0000