linux-sg2042/security
Ben Blum f780bdb7c1 cgroups: add per-thread subsystem callbacks
Add cgroup subsystem callbacks for per-thread attachment in atomic contexts

Add can_attach_task(), pre_attach(), and attach_task() as new callbacks
for cgroups's subsystem interface.  Unlike can_attach and attach, these
are for per-thread operations, to be called potentially many times when
attaching an entire threadgroup.

Also, the old "bool threadgroup" interface is removed, as replaced by
this.  All subsystems are modified for the new interface - of note is
cpuset, which requires from/to nodemasks for attach to be globally scoped
(though per-cpuset would work too) to persist from its pre_attach to
attach_task and attach.

This is a pre-patch for cgroup-procs-writable.patch.

Signed-off-by: Ben Blum <bblum@andrew.cmu.edu>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Matt Helsley <matthltc@us.ibm.com>
Reviewed-by: Paul Menage <menage@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-05-26 17:12:34 -07:00
..
apparmor Fix common misspellings 2011-03-31 11:26:23 -03:00
integrity/ima ima: remove unnecessary call to ima_must_measure 2011-02-23 16:38:52 -05:00
keys Set cred->user_ns in key_replace_session_keyring 2011-05-26 13:49:19 -07:00
selinux Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into for-linus 2011-05-24 23:20:19 +10:00
smack Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into for-linus 2011-05-24 23:20:19 +10:00
tomoyo TOMOYO: Fix wrong domainname validation. 2011-05-12 11:07:21 +10:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on ARM. 2011-03-22 09:35:12 +11:00
Makefile AppArmor: Enable configuring and building of the AppArmor security module 2010-08-02 15:38:34 +10:00
capability.c SECURITY: Move exec_permission RCU checks into security modules 2011-04-25 10:20:32 -04:00
commoncap.c capabilities: do not special case exec of init 2011-04-04 10:31:06 +10:00
device_cgroup.c cgroups: add per-thread subsystem callbacks 2011-05-26 17:12:34 -07:00
inode.c convert get_sb_single() users 2010-10-29 04:16:28 -04:00
lsm_audit.c LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH 2011-04-25 18:14:07 -04:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c SECURITY: Move exec_permission RCU checks into security modules 2011-04-25 10:20:32 -04:00