git.baikalelectronics.ru Git - kernel.git/commit

author	Jeff Vander Stoep <jeffv@google.com>
	Thu, 12 Mar 2015 23:26:17 +0000 (16:26 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Fri, 13 Mar 2015 01:46:08 +0000 (18:46 -0700)
commit	19521ba99205e89e9e71027929d6aee5abe26c2a
tree	ed3d625f104b7f320d3ef8da6838a369cc57797a	tree \| snapshot
parent	918d93f16e8520be1d167411e489a5e81a70245d	commit \| diff

mm: reorder can_do_mlock to fix audit denial

A userspace call to mmap(MAP_LOCKED) may result in the successful locking
of memory while also producing a confusing audit log denial.  can_do_mlock
checks capable and rlimit.  If either of these return positive
can_do_mlock returns true.  The capable check leads to an LSM hook used by
apparmour and selinux which produce the audit denial.  Reordering so
rlimit is checked first eliminates the denial on success, only recording a
denial when the lock is unsuccessful as a result of the denial.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Paul Cassella <cassella@cray.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>