| Age | Commit message (Collapse) | Author |
|---|
|
- Move capable() from sched.h to capability.h;
- Use <linux/capability.h> where capable() is used
(in include/, block/, ipc/, kernel/, a few drivers/,
mm/, security/, & sound/;
many more drivers/ to go)
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Add kerneldoc to kernel/capability.c
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
This is a megarollup of ~60 patches which give various things static scope.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Kernel core files converted to use the new lock initializers.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
In the current kernel/capability.c:sys_capset() code, permission is
denied if CAP_SETPCAP is not held and pid is positive. pid=0 means use
the current process, and this is allowed. But using the current
process' pid is not allowed. The man page for capsetp simply says that
CAP_SETPCAP is required to use this function, and does not mention the
exception for pid=0.
The current behavior seems inconsistent. The attached patch also
allows a process to call capset() on itself.
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The attached patch removes checks from kernel/capability.c which are
redundant with cap_capset_check() code, and moves the capset_check() calls
to immediately before the capset_set() calls. This allows capset_check()
to accurately check the setter's permission to set caps on the target.
Please apply.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
I found that the prototypes for sys_waitid and sys_fcntl in
<linux/syscalls.h> don't match the implementation. In order to keep all
prototypes in sync in the future, now include the header from each file
implementing any syscall.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
This patch fixes strange and obscure pid implementation in current kernels:
- it removes calling of put_task_struct() from detach_pid()
under tasklist_lock. This allows to use blocking calls
in security_task_free() hooks (in __put_task_struct()).
- it saves some space = 5*5 ints = 100 bytes in task_struct
- it's smaller and tidy, more straigthforward and doesn't use
any knowledge about pids using and assignment.
- it removes pid_links and pid_struct doesn't hold reference counters
on task_struct. instead, new pid_structs and linked altogether and
only one of them is inserted in hash_list.
Signed-off-by: Kirill Korotaev (kksx@mail.ru)
Signed-off-by: William Irwin <wli@holomorphy.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
|
|
cap_set_pg() wants to find all processes in a given process group. This
converts it to use for_each_task_pid().
|
|
|
|
This removes the code from cap_sysget that fills out the capability set
being returned to userspace. The module handles this in a policy
specific way. This updates the dummy.c module to fill in return data
according to superuser policy, and also disables setting capabilities in
superuser policy.
|
|
|
|
|
|
security calls in them.
This is needed for the next patches that change the way the security calls work.
|
|
I fixed up the 'remove thread group inferiors from the tasklist' patch. I
think i managed to find a reasonably good construct to iterate over all
threads:
do_each_thread(g, p) {
...
} while_each_thread(g, p);
the only caveat with this is that the construct suggests a single-loop -
while it's two loops internally - and 'break' will not work. I added a
comment to sched.h that warns about this, but perhaps it would help more
to have naming that suggests two loops:
for_each_process_do_each_thread(g, p) {
...
} while_each_thread(g, p);
but this looks a bit too long. I dont know. We might as well use it all
unrolled and no helper macros - although with the above construct it's
pretty straightforward to iterate over all threads in the system.
|
|
|
|
Apparently my understanding of C brace rules was blurred and there is a
thinko in kernel/capability.c - what we want is what the indention
reflects but what we get is an unconditional return of -EINVAL.
|
|
I started looking into a couple FIXMEs in kernel/capability.c and I
ended up with a fairly largish patch (although not quite so many changes
to object code).
First, it is unsafe to touch task->cap_* while not holding
task_capability_lock. The most notable occurrence of this is sys_access
which saves the current cap_* values, changes them, does its business,
then restores them. In between all this they can change and then be
restored to old values. Unfortunately we cannot just grab the lock here
since the function can sleep - I marked this with a FIXME for now.
Second, I formalized the locking rules with task_capability_lock. I
declared the lock in include/linux/capability.h so other code can grab
it.
Finally, there is a whole boatload of code cleanup:
- remove conditional locking/unlocking - that is just gross
- don't pointlessly grab the read_lock twice
- add/remove/edit comments
- change some types (int -> pid_t, etc)
- static inline two small functions that are called only
once each
- remove two FIXMEs
- general code cleanup for readability and performance
TODO:
- fix sys_access and other cap_* accesses
- do something about the annoying oddball 5-space indentation
in kernel/capability.c !!
Patch is against 2.5.20, please apply.
Robert Love
|
|
- Kai Germaschewski: ISDN updates
- Al Viro: start moving buffer cache indexing to "struct block_device *"
- Greg KH: USB update
- Russell King: fix up some ARM merge issues
- Ingo Molnar: scalable scheduler
|
|
|
