/*
 * Chroot hardening check for a priority change on task @p.
 *
 * @p:       task whose nice value is about to be changed
 * @niceval: the nice value being requested
 *
 * Returns -EACCES when all three conditions hold: the chroot-nice
 * restriction is switched on, the request would lower @p's nice value
 * (i.e. raise its priority), and the *calling* task is chrooted.
 * Returns 0 in every other case, including when the feature is compiled
 * out, so callers must treat a non-zero return as "deny".
 */
int
gr_handle_chroot_setpriority(struct task_struct *p, const int niceval)
{
#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
	/* Runtime switch off: nothing to enforce. */
	if (!grsec_enable_chroot_nice)
		return 0;

	/* Only a decrease of the nice value is restricted. */
	if (niceval >= task_nice(p))
		return 0;

	/* The restriction is keyed on the caller, not on the target task. */
	if (!proc_is_chrooted(current))
		return 0;

	/*
	 * Record the denied attempt with the target's name and pid.
	 * NOTE(review): p->comm is read with no locking visible in this
	 * function; confirm the logging path tolerates a concurrent rename.
	 */
	gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
	return -EACCES;
#else
	return 0;
#endif
}
Example #2
void
/*
 * Exit-time hook for the current task.
 *
 * If the task is flagged as being in a special role (acl_sp_role), the
 * ACL system is enabled, and that role does not carry GR_ROLE_PERSIST,
 * the role id and name are captured, gr_set_acls(1) is called, and the
 * event is logged. Regardless of that branch, the task's exec file is
 * released through gr_put_exec_file().
 */
gr_acl_handle_exit(void)
{
	const int leaving_special_role =
		current->acl_sp_role && gr_acl_is_enabled() &&
		!(current->role->roletype & GR_ROLE_PERSIST);

	if (unlikely(leaving_special_role)) {
		/*
		 * Snapshot both values before gr_set_acls(1) runs.
		 * NOTE(review): presumably gr_set_acls() changes
		 * current->role, which is why the log arguments are saved
		 * first - confirm against its definition.
		 */
		u16 role_id = current->acl_role_id;
		char *role_name = current->role->rolename;

		gr_set_acls(1);
		gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, role_name, role_id);
	}

	/* Always runs, whether or not a special role was active. */
	gr_put_exec_file(current);
}
Example #3
void
/*
 * Exit-time hook for the current task.
 *
 * If the task is flagged as being in a special role (acl_sp_role) and
 * the ACL system is enabled, the role id and name are captured,
 * gr_set_acls(1) is called, and the event is logged. The task's
 * exec_file pointer is then detached under grsec_exec_file_lock and the
 * file reference is dropped after the lock has been released.
 */
gr_acl_handle_exit(void)
{
	struct file *detached;

	if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
		/*
		 * Snapshot both values before gr_set_acls(1) runs.
		 * NOTE(review): presumably gr_set_acls() changes
		 * current->role, which is why the log arguments are saved
		 * first - confirm against its definition.
		 */
		u16 role_id = current->acl_role_id;
		char *role_name = current->role->rolename;

		gr_set_acls(1);
		gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, role_name, role_id);
	}

	/*
	 * Take ownership of the pointer and clear the task's copy while
	 * holding the write lock, so the field never refers to a file whose
	 * reference this function is about to drop.
	 */
	write_lock(&grsec_exec_file_lock);
	detached = current->exec_file;
	current->exec_file = NULL;
	write_unlock(&grsec_exec_file_lock);

	/* The reference is released only after unlocking; NULL means none was held. */
	if (detached != NULL) {
		fput(detached);
	}
}