[PATCH] VM: add capabilites check to set_zone_reclaim
Add a capability check to sys_set_zone_reclaim(). This syscall is not
something that should be available to a user.
Signed-off-by: Martin Hicks <mort@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 8d139f4..6b46189 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -233,6 +233,7 @@
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
+/* Allow setting zone reclaim policy */
#define CAP_SYS_ADMIN 21
diff --git a/mm/vmscan.c b/mm/vmscan.c
index cfffe50..ab631a3 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1375,6 +1375,9 @@
struct zone *z;
int i;
+ if (!capable(CAP_SYS_ADMIN))
+ return -EACCES;
+
if (node >= MAX_NUMNODES || !node_online(node))
return -EINVAL;