| Age | Commit message (Collapse) | Author |
|---|
|
Move capable() to kernel/capability.c and eliminate duplicate
implementations. Add __capable() function which can be used to check for
capabiilty of any process.
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
- Move capable() from sched.h to capability.h;
- Use <linux/capability.h> where capable() is used
(in include/, block/, ipc/, kernel/, a few drivers/,
mm/, security/, & sound/;
many more drivers/ to go)
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Add a capability check to sys_set_zone_reclaim(). This syscall is not
something that should be available to a user.
Signed-off-by: Martin Hicks <mort@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
This is a megarollup of ~60 patches which give various things static scope.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The audit control messages are sent over netlink. Permission checks are
done on the process receiving the message, which may not be the same as the
process sending the message. This patch switches the netlink_send security
hooks to calculate the effective capabilities based on the sender. Then
audit_receive_msg performs capability checks based on that.
It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities,
and replaces the previous CAP_SYS_ADMIN checks in audit code with the
appropriate checks.
- Simplified dummy_netlink_send given that dummy now keeps track of
capabilities.
- Many fixes based on feedback from <linux-audit@redhat.com> list.
- Removed the netlink_msg_type helper function.
- Switch to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
handling.
This pointed out a bug in x86 sys_rt_sigreturn(), btw.
|
|
I started looking into a couple FIXMEs in kernel/capability.c and I
ended up with a fairly largish patch (although not quite so many changes
to object code).
First, it is unsafe to touch task->cap_* while not holding
task_capability_lock. The most notable occurrence of this is sys_access
which saves the current cap_* values, changes them, does its business,
then restores them. In between all this they can change and then be
restored to old values. Unfortunately we cannot just grab the lock here
since the function can sleep - I marked this with a FIXME for now.
Second, I formalized the locking rules with task_capability_lock. I
declared the lock in include/linux/capability.h so other code can grab
it.
Finally, there is a whole boatload of code cleanup:
- remove conditional locking/unlocking - that is just gross
- don't pointlessly grab the read_lock twice
- add/remove/edit comments
- change some types (int -> pid_t, etc)
- static inline two small functions that are called only
once each
- remove two FIXMEs
- general code cleanup for readability and performance
TODO:
- fix sys_access and other cap_* accesses
- do something about the annoying oddball 5-space indentation
in kernel/capability.c !!
Patch is against 2.5.20, please apply.
Robert Love
|
|
A few (anal) comment cleanups and additions in relationship to the new
task cpu affinity syscalls. All no brainers.
|
|
Big bits first, I'll redo the smaller bits tomorrow after some sleep.
Same as last time, rediffed against pre5
|
|
- Ivan Kokshaysky: fix alpha dec_and_lock with modules, for alpha config entry
- Kai Germaschewski: ISDN updates
- Jeff Garzik: network driver updates, sysv fs update
- Kai Mäkisara: SCSI tape update
- Alan Cox: large drivers merge
- Nikita Danilov: reiserfs procfs information
- Andrew Morton: ext3 merge
- Christoph Hellwig: vxfs livelock fix
- Trond Myklebust: NFS updates
- Jens Axboe: cpqarray + cciss dequeue fix
- Tim Waugh: parport_serial base_baud setting
- Matthew Dharm: usb-storage Freecom driver fixes
- Dave McCracken: wait4() thread group race fix
|
|
|
