| author | Andrew Morton <akpm@osdl.org> | 2003-07-02 08:49:35 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@home.osdl.org> | 2003-07-02 08:49:35 -0700 |
| commit | bc75ac4f1dcec256a65b531e2d5be84f5b0fe6bc (patch) | |
| tree | 10721936b043630c95f2e6686379c02bf7176e79 /include/linux/security.h | |
| parent | cee396e281fc2c8a55261eea1a89a594e98f3e0f (diff) | |
[PATCH] Security hook for vm_enough_memory
From: Stephen Smalley <sds@epoch.ncsc.mil>
This patch against 2.5.73 replaces vm_enough_memory with a security hook
per Alan Cox's suggestion so that security modules can completely replace
the logic if desired.
Note that the patch changes the interface to follow the convention of the
other security hooks, i.e. return 0 if ok or -errno on failure (-ENOMEM in
this case) rather than returning a boolean. It also exports various
variables and functions required for the vm_enough_memory logic.
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 9589f99c3ef3..4d91dfc52c52 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -49,6 +49,7 @@ extern int cap_bprm_secureexec(struct linux_binprm *bprm); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); extern void cap_task_reparent_to_init (struct task_struct *p); extern int cap_syslog (int type); +extern int cap_vm_enough_memory (long pages); static inline int cap_netlink_send (struct sk_buff *skb) { @@ -958,6 +959,10 @@ struct swap_info_struct; * See the syslog(2) manual page for an explanation of the @type values. * @type contains the type of action. * Return 0 if permission is granted. + * @vm_enough_memory: + * Check permissions for allocating a new virtual mapping. + * @pages contains the number of pages. + * Return 0 if permission is granted. * * @register_security: * allow module stacking. @@ -989,6 +994,7 @@ struct security_operations { int (*quotactl) (int cmds, int type, int id, struct super_block * sb); int (*quota_on) (struct file * f); int (*syslog) (int type); + int (*vm_enough_memory) (long pages); int (*bprm_alloc_security) (struct linux_binprm * bprm); void (*bprm_free_security) (struct linux_binprm * bprm); @@ -1238,6 +1244,11 @@ static inline int security_syslog(int type) return security_ops->syslog(type); } +static inline int security_vm_enough_memory(long pages) +{ + return security_ops->vm_enough_memory(pages); +} + static inline int security_bprm_alloc (struct linux_binprm *bprm) { return security_ops->bprm_alloc_security (bprm); @@ -1898,6 +1909,11 @@ static inline int security_syslog(int type) return cap_syslog(type); } +static inline int security_vm_enough_memory(long pages) +{ + return cap_vm_enough_memory(pages); +} + static inline int security_bprm_alloc (struct linux_binprm *bprm) { return 0; |
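Review bot: The new kerneldoc entry for `@vm_enough_memory` (hunk at new line 959) describes a plain permission check, "Return 0 if permission is granted", while the commit description says the hook replaces the whole vm_enough_memory logic and fails with -ENOMEM. A module author who reads only this comment could implement the hook as a policy check that returns 0, which would presumably leave no overcommit limit in force, since the default logic no longer runs alongside the hook. I would word it as `Decide whether @pages more pages of virtual memory may be committed; an implementation replaces the default overcommit check.` and `Return 0 if the allocation may proceed, -ENOMEM if it must be refused.` The comment block this entry belongs to starts before the hunk.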
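Review bot: `security_vm_enough_memory()` at new line 1244 calls `security_ops->vm_enough_memory(pages)` with no NULL check, so every operations table that can become `security_ops` must have the new member populated (it is added to `struct security_operations` in the hunk at new line 994). A module written before this change, or one that leaves the member unset, would otherwise turn each memory-commit check into a call through a NULL function pointer in kernel context. The diff shown is limited to this header, so please confirm that the rest of the commit supplies a default for unset hooks at registration time and in the built-in default table. If that is the contract, a comment above the wrapper such as `/* security_ops->vm_enough_memory is never NULL: unset hooks get a default at registration */` would record it.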
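Review bot: Both `security_vm_enough_memory()` definitions return 0 on success: this one at new line 1909, which forwards to `cap_vm_enough_memory()`, and the one at new line 1244. That is the opposite truth value of the boolean the commit description says vm_enough_memory used to return. A call site converted by name only, still written as `if (!security_vm_enough_memory(pages))`, would refuse every request that fits and admit every one that does not. The callers are outside this header, so that cannot be checked from here. A short comment above each wrapper, `/* Returns 0 if the pages may be committed, -ENOMEM otherwise; not a boolean. */`, would put the convention where callers look it up.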
