On Fri, Jul 15, 2016 at 10:51 AM, Nick Kralevich <[email protected]> wrote: > On Fri, Jul 15, 2016 at 10:24 AM, John Stultz <[email protected]> wrote: >> As requested, this patch implements a task_settimerslack LSM hook >> so that the /proc/<tid>/timerslack_ns interface can have finer >> grained security policies applied to it. >> >> Don't really know what I'm doing here, so close review would be >> appreciated! >> >> Cc: Kees Cook <[email protected]> >> Cc: "Serge E. Hallyn" <[email protected]> >> Cc: Andrew Morton <[email protected]> >> Cc: Thomas Gleixner <[email protected]> >> CC: Arjan van de Ven <[email protected]> >> Cc: Oren Laadan <[email protected]> >> Cc: Ruchi Kandoi <[email protected]> >> Cc: Rom Lemarchand <[email protected]> >> Cc: Todd Kjos <[email protected]> >> Cc: Colin Cross <[email protected]> >> Cc: Nick Kralevich <[email protected]> >> Cc: Dmitry Shmidt <[email protected]> >> Cc: Elliott Hughes <[email protected]> >> Cc: Android Kernel Team <[email protected]> >> Signed-off-by: John Stultz <[email protected]> >> --- >> v2: Initial swing at adding LSM hook >> >> fs/proc/base.c | 7 +++++++ >> include/linux/lsm_hooks.h | 7 +++++++ >> include/linux/security.h | 6 ++++++ >> security/security.c | 7 +++++++ >> security/selinux/hooks.c | 6 ++++++ >> 5 files changed, 33 insertions(+) >> >> diff --git a/fs/proc/base.c b/fs/proc/base.c >> index 8f4f8d7..7f10b37 100644 >> --- a/fs/proc/base.c >> +++ b/fs/proc/base.c >> @@ -2284,6 +2284,12 @@ static ssize_t timerslack_ns_write(struct file *file, >> const char __user *buf, >> if (!p) >> return -ESRCH; >> >> + err = security_task_settimerslack(current, slack_ns); > > The first argument should be "p", not "current". "p" is the target > process you're trying to adjust.
Ah, yes. Thanks. Clearly I don't know what I'm doing here. :)

-john
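Review bot: in the timerslack_ns_write() hunk, the return value of security_task_settimerslack() is stored in `err`, but the quoted hunk stops at the call, so the handling of a non-zero `err` cannot be checked from what is shown. Because the call sits after the `if (!p)` check, a denial from the hook should leave through the same exit path the function uses once `p` is valid, not through a bare `return err;`, so that whatever was taken to obtain `p` is released. Once the first argument is `p`, it is also worth confirming that the hook description added to include/linux/lsm_hooks.h states that the argument is the target task and that the caller being checked is implicitly `current`, so that security modules implementing the hook do not repeat the same mix-up.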

