| Age | Commit message (Collapse) | Author |
|---|
|
cap_set_pg() wants to find all processes in a given process group. This
converts it to use for_each_task_pid().
|
|
|
|
This removes the code from cap_sysget that fills out the capability set
being returned to userspace. The module handles this in a policy
specific way. This updates the dummy.c module to fill in return data
according to superuser policy, and also disables setting capabilities in
superuser policy.
|
|
|
|
|
|
security calls in them.
This is needed for the next patches that change the way the security calls work.
|
|
I fixed up the 'remove thread group inferiors from the tasklist' patch. I
think i managed to find a reasonably good construct to iterate over all
threads:
do_each_thread(g, p) {
...
} while_each_thread(g, p);
the only caveat with this is that the construct suggests a single-loop -
while it's two loops internally - and 'break' will not work. I added a
comment to sched.h that warns about this, but perhaps it would help more
to have naming that suggests two loops:
for_each_process_do_each_thread(g, p) {
...
} while_each_thread(g, p);
but this looks a bit too long. I dont know. We might as well use it all
unrolled and no helper macros - although with the above construct it's
pretty straightforward to iterate over all threads in the system.
|
|
|
|
Apparently my understanding of C brace rules was blurred and there is a
thinko in kernel/capability.c - what we want is what the indention
reflects but what we get is an unconditional return of -EINVAL.
|
|
I started looking into a couple FIXMEs in kernel/capability.c and I
ended up with a fairly largish patch (although not quite so many changes
to object code).
First, it is unsafe to touch task->cap_* while not holding
task_capability_lock. The most notable occurrence of this is sys_access
which saves the current cap_* values, changes them, does its business,
then restores them. In between all this they can change and then be
restored to old values. Unfortunately we cannot just grab the lock here
since the function can sleep - I marked this with a FIXME for now.
Second, I formalized the locking rules with task_capability_lock. I
declared the lock in include/linux/capability.h so other code can grab
it.
Finally, there is a whole boatload of code cleanup:
- remove conditional locking/unlocking - that is just gross
- don't pointlessly grab the read_lock twice
- add/remove/edit comments
- change some types (int -> pid_t, etc)
- static inline two small functions that are called only
once each
- remove two FIXMEs
- general code cleanup for readability and performance
TODO:
- fix sys_access and other cap_* accesses
- do something about the annoying oddball 5-space indentation
in kernel/capability.c !!
Patch is against 2.5.20, please apply.
Robert Love
|
|
- Kai Germaschewski: ISDN updates
- Al Viro: start moving buffer cache indexing to "struct block_device *"
- Greg KH: USB update
- Russell King: fix up some ARM merge issues
- Ingo Molnar: scalable scheduler
|
|
|
