sched/deadline: Deny unprivileged users to set/change SCHED_DEADLINE policy
authorJuri Lelli <juri.lelli@gmail.com>
Mon, 3 Mar 2014 11:09:21 +0000 (12:09 +0100)
committerIngo Molnar <mingo@kernel.org>
Tue, 11 Mar 2014 10:33:46 +0000 (11:33 +0100)
Deny the use of SCHED_DEADLINE policy to unprivileged users.
Even if root users can set the policy for normal users, we
don't want the latter to be able to change their parameters
(safest behavior).

Signed-off-by: Juri Lelli <juri.lelli@gmail.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1393844961-18097-1-git-send-email-juri.lelli@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
kernel/sched/core.c

index 6edbef296ece25a6ee68facac279445414692368..f5c6635b806c56550bcee17aa0c2490c96b16ff7 100644 (file)
@@ -3338,6 +3338,15 @@ recheck:
                                return -EPERM;
                }
 
+                /*
+                 * Can't set/change SCHED_DEADLINE policy at all for now
+                 * (safest behavior); in the future we would like to allow
+                 * unprivileged DL tasks to increase their relative deadline
+                 * or reduce their runtime (both ways reducing utilization)
+                 */
+               if (dl_policy(policy))
+                       return -EPERM;
+
                /*
                 * Treat SCHED_IDLE as nice 20. Only allow a switch to
                 * SCHED_NORMAL if the RLIMIT_NICE would normally permit it.