[PATCH] VM: add capabilites check to set_zone_reclaim

Add a capability check to sys_set_zone_reclaim(). This syscall is not something that should be available to a user. Signed-off-by: Martin Hicks <mort@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] VM: add capabilites check to set_zone_reclaim
Add a capability check to sys_set_zone_reclaim(). This syscall is not something that should be available to a user. Signed-off-by: Martin Hicks <mort@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
bce5f6ba · Martin Hicks · Linus Torvalds · 242e5468 · bce5f6ba · bce5f6ba
Commit bce5f6ba authored Sep 03, 2005 by Martin Hicks Committed by Linus Torvalds Sep 05, 2005
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

include/linux/capability.h include/linux/capability.h +1 -0

mm/vmscan.c mm/vmscan.c +3 -0

No files found.
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -233,6 +233,7 @@ typedef __u32 kernel_cap_t;
 /* Allow enabling/disabling tagged queuing on SCSI controllers and sending
   arbitrary SCSI commands */
 /* Allow setting encryption key on loopback filesystem */
+/* Allow setting zone reclaim policy */
 #define CAP_SYS_ADMIN        21

--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1375,6 +1375,9 @@ asmlinkage long sys_set_zone_reclaim(unsigned int node, unsigned int zone,
 	struct zone *z;
 	int i;
+	if (!capable(CAP_SYS_ADMIN))
+		return -EACCES;
 	if (node >= MAX_NUMNODES || !node_online(node))
 		return -EINVAL;