summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Hicks <mort@sgi.com>2005-09-03 15:54:50 -0700
committerLinus Torvalds <torvalds@evo.osdl.org>2005-09-05 00:05:44 -0700
commitbce5f6ba340b09d8b29902add204bb95a6d3d88b (patch)
tree1cfeea969fa5848f0a8d31394829aec5c8571a79
parent242e54686257493f0b10ac557e730419d9af7d24 (diff)
downloadlwn-bce5f6ba340b09d8b29902add204bb95a6d3d88b.tar.gz
lwn-bce5f6ba340b09d8b29902add204bb95a6d3d88b.zip
[PATCH] VM: add capabilites check to set_zone_reclaim
Add a capability check to sys_set_zone_reclaim(). This syscall is not something that should be available to a user. Signed-off-by: Martin Hicks <mort@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--include/linux/capability.h1
-rw-r--r--mm/vmscan.c3
2 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 8d139f4acf23..6b4618902d3d 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -233,6 +233,7 @@ typedef __u32 kernel_cap_t;
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
+/* Allow setting zone reclaim policy */
#define CAP_SYS_ADMIN 21
diff --git a/mm/vmscan.c b/mm/vmscan.c
index cfffe5098d53..ab631a3c62c3 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1375,6 +1375,9 @@ asmlinkage long sys_set_zone_reclaim(unsigned int node, unsigned int zone,
struct zone *z;
int i;
+ if (!capable(CAP_SYS_ADMIN))
+ return -EACCES;
+
if (node >= MAX_NUMNODES || !node_online(node))
return -EINVAL;