From bce5f6ba340b09d8b29902add204bb95a6d3d88b Mon Sep 17 00:00:00 2001 From: Martin Hicks Date: Sat, 3 Sep 2005 15:54:50 -0700 Subject: [PATCH] VM: add capabilites check to set_zone_reclaim Add a capability check to sys_set_zone_reclaim(). This syscall is not something that should be available to a user. Signed-off-by: Martin Hicks Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/capability.h | 1 + mm/vmscan.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/include/linux/capability.h b/include/linux/capability.h index 8d139f4..6b46189 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -233,6 +233,7 @@ typedef __u32 kernel_cap_t; /* Allow enabling/disabling tagged queuing on SCSI controllers and sending arbitrary SCSI commands */ /* Allow setting encryption key on loopback filesystem */ +/* Allow setting zone reclaim policy */ #define CAP_SYS_ADMIN 21 diff --git a/mm/vmscan.c b/mm/vmscan.c index cfffe50..ab631a3 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1375,6 +1375,9 @@ asmlinkage long sys_set_zone_reclaim(unsigned int node, unsigned int zone, struct zone *z; int i; + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + if (node >= MAX_NUMNODES || !node_online(node)) return -EINVAL; -- cgit v1.1