summaryrefslogtreecommitdiffstats
path: root/fs/proc
diff options
context:
space:
mode:
authorGuillem Jover <guillem.jover@nokia.com>2006-12-06 20:32:24 -0800
committerLinus Torvalds <torvalds@woody.osdl.org>2006-12-07 08:39:21 -0800
commit8fb4fc68ca391862b061b3d358a288ccf6abed39 (patch)
tree5fb67541fb76957260879812d6d21ead6c4e6852 /fs/proc
parent3b17979bda74493633364c2c263b452b7788e350 (diff)
[PATCH] Allow user processes to raise their oom_adj value
Currently a user process cannot rise its own oom_adj value (i.e. unprotecting itself from the OOM killer). As this value is stored in the task structure it gets inherited and the unprivileged childs will be unable to rise it. The EPERM will be handled by the generic proc fs layer, as only processes with the proper caps or the owner of the process will be able to write to the file. So we allow only the processes with CAP_SYS_RESOURCE to lower the value, otherwise it will get an EACCES which seems more appropriate than EPERM. Signed-off-by: Guillem Jover <guillem.jover@nokia.com> Acked-by: Andrea Arcangeli <andrea@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/base.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 795319c54f7..05ace70d051 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -683,8 +683,6 @@ static ssize_t oom_adjust_write(struct file *file, const char __user *buf,
char buffer[PROC_NUMBUF], *end;
int oom_adjust;
- if (!capable(CAP_SYS_RESOURCE))
- return -EPERM;
memset(buffer, 0, sizeof(buffer));
if (count > sizeof(buffer) - 1)
count = sizeof(buffer) - 1;
@@ -699,6 +697,10 @@ static ssize_t oom_adjust_write(struct file *file, const char __user *buf,
task = get_proc_task(file->f_dentry->d_inode);
if (!task)
return -ESRCH;
+ if (oom_adjust < task->oomkilladj && !capable(CAP_SYS_RESOURCE)) {
+ put_task_struct(task);
+ return -EACCES;
+ }
task->oomkilladj = oom_adjust;
put_task_struct(task);
if (end - buffer == 0)