/* * SELinux support for the Audit LSM hooks * * Most of below header was moved from include/linux/selinux.h which * is released under below copyrights: * * Author: James Morris * * Copyright (C) 2005 Red Hat, Inc., James Morris * Copyright (C) 2006 Trusted Computer Solutions, Inc. * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ #ifndef _SELINUX_AUDIT_H #define _SELINUX_AUDIT_H /** * selinux_audit_rule_init - alloc/init an selinux audit rule structure. * @field: the field this rule refers to * @op: the operater the rule uses * @rulestr: the text "target" of the rule * @rule: pointer to the new rule structure returned via this * * Returns 0 if successful, -errno if not. On success, the rule structure * will be allocated internally. The caller must free this structure with * selinux_audit_rule_free() after use. */ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule); /** * selinux_audit_rule_free - free an selinux audit rule structure. * @rule: pointer to the audit rule to be freed * * This will free all memory associated with the given rule. * If @rule is NULL, no operation is performed. */ void selinux_audit_rule_free(void *rule); /** * selinux_audit_rule_match - determine if a context ID matches a rule. * @sid: the context ID to check * @field: the field this rule refers to * @op: the operater the rule uses * @rule: pointer to the audit rule to check against * @actx: the audit context (can be NULL) associated with the check * * Returns 1 if the context id matches the rule, 0 if it does not, and * -errno on failure. */ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, struct audit_context *actx); /** * selinux_audit_rule_known - check to see if rule contains selinux fields. * @rule: rule to be checked * Returns 1 if there are selinux fields specified in the rule, 0 otherwise. */ int selinux_audit_rule_known(struct audit_krule *krule); #endif /* _SELINUX_AUDIT_H */ b63ecb1a349d50a6d69d1d6feb4a'>diff
diff options
context:
space:
mode:
authorTejun Heo <tj@kernel.org>2017-01-26 16:47:28 -0500
committerTejun Heo <tj@kernel.org>2017-01-26 16:47:28 -0500
commit07cd12945551b63ecb1a349d50a6d69d1d6feb4a (patch)
tree75f65eba7eac9277971082a2d5a4cf1370562c0c /tools/perf/Documentation
parent7ce7d89f48834cefece7804d38fc5d85382edf77 (diff)
cgroup: don't online subsystems before cgroup_name/path() are operational
While refactoring cgroup creation, a5bca2152036 ("cgroup: factor out cgroup_create() out of cgroup_mkdir()") incorrectly onlined subsystems before the new cgroup is associated with it kernfs_node. This is fine for cgroup proper but cgroup_name/path() depend on the associated kernfs_node and if a subsystem makes the new cgroup_subsys_state visible, which they're allowed to after onlining, it can lead to NULL dereference. The current code performs cgroup creation and subsystem onlining in cgroup_create() and cgroup_mkdir() makes the cgroup and subsystems visible afterwards. There's no reason to online the subsystems early and we can simply drop cgroup_apply_control_enable() call from cgroup_create() so that the subsystems are onlined and made visible at the same time. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Fixes: a5bca2152036 ("cgroup: factor out cgroup_create() out of cgroup_mkdir()") Cc: stable@vger.kernel.org # v4.6+
Diffstat (limited to 'tools/perf/Documentation')