From: akpm@linux-foundation.org
To: mm-commits@vger.kernel.org
Cc: morgan@kernel.org, casey@schaufler-ca.com, chrisw@sous-sol.org,
jmorris@namei.org, sds@tycho.nsa.gov, serue@us.ibm.com
Subject: + add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message.patch added to -mm tree
Date: Mon, 26 Nov 2007 21:02:34 -0800 [thread overview]
Message-ID: <200711270502.lAR52Yvc028030@imap1.linux-foundation.org> (raw)
The patch titled
Modify 'old libcap' warning message
has been added to the -mm tree. Its filename is
add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message.patch
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: Modify 'old libcap' warning message
From: Andrew Morgan <morgan@kernel.org>
When an application (usually via libcap) attempts to use 32-bit
capabilities when the kernel supports 64-bit capabilities, we log a kernel
warning. We do this exactly once per kernel boot. The warning is just
that - the kernel should be able to transparently handle 32-bit capability
use. The application will remain limited in the capabilities that it can
manipulate until it is relinked with libcap2.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Cc: Andrew Morgan <morgan@kernel.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: James Morris <jmorris@namei.org>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
kernel/capability.c | 36 ++++++++++++++++++++++--------------
1 file changed, 22 insertions(+), 14 deletions(-)
diff -puN kernel/capability.c~add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message kernel/capability.c
--- a/kernel/capability.c~add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message
+++ a/kernel/capability.c
@@ -30,6 +30,26 @@ const kernel_cap_t __cap_full_set = CAP_
const kernel_cap_t __cap_init_eff_set = CAP_INIT_EFF_SET;
/*
+ * More recent versions of libcap are available from:
+ *
+ * http://www.kernel.org/pub/linux/libs/security/linux-privs/
+ */
+
+static void warn_legacy_capability_use(void)
+{
+ static int warned = 0;
+ if (!warned) {
+ char name[sizeof(current->comm)];
+
+ printk(KERN_INFO "warning: `%s' uses 32-bit capabilities"
+ " (legacy support in use)\n",
+ get_task_comm(name, current));
+ warned = 1;
+ }
+ return;
+}
+
+/*
* For sys_getproccap() and sys_setproccap(), any of the three
* capability set pointers may be NULL -- indicating that that set is
* uninteresting and/or not to be changed.
@@ -59,12 +79,7 @@ asmlinkage long sys_capget(cap_user_head
switch (version) {
case _LINUX_CAPABILITY_VERSION_1:
- if (warned < 5) {
- warned++;
- printk(KERN_INFO
- "warning: process `%s' gets w/ old libcap\n",
- current->comm);
- }
+ warn_legacy_capability_use();
tocopy = _LINUX_CAPABILITY_U32S_1;
break;
case _LINUX_CAPABILITY_VERSION_2:
@@ -210,7 +225,6 @@ static inline int cap_set_all(kernel_cap
*/
asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
{
- static int warned;
struct __user_cap_data_struct kdata[_LINUX_CAPABILITY_U32S];
unsigned i, tocopy;
kernel_cap_t inheritable, permitted, effective;
@@ -224,13 +238,7 @@ asmlinkage long sys_capset(cap_user_head
switch (version) {
case _LINUX_CAPABILITY_VERSION_1:
- if (warned < 5) {
- char name[sizeof(current->comm)];
- warned++;
- printk(KERN_INFO
- "warning: process `%s' sets w/ old libcap\n",
- get_task_comm(name, current));
- }
+ warn_legacy_capability_use();
tocopy = _LINUX_CAPABILITY_U32S_1;
break;
case _LINUX_CAPABILITY_VERSION_2:
_
Patches currently in -mm which might be from morgan@kernel.org are
file-capabilities-allow-sigcont-within-session-v2.patch
revert-capabilities-clean-up-file-capability-reading.patch
revert-capabilities-clean-up-file-capability-reading-checkpatch-fixes.patch
add-64-bit-capability-support-to-the-kernel.patch
add-64-bit-capability-support-to-the-kernel-checkpatch-fixes.patch
add-64-bit-capability-support-to-the-kernel-fix.patch
add-64-bit-capability-support-to-the-kernel-fix-fix.patch
add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message.patch
64bit-capability-support-legacy-support-fix.patch
remove-unnecessary-include-from-include-linux-capabilityh.patch
smack-version-11c-simplified-mandatory-access-control-kernel.patch
reply other threads:[~2007-11-27 5:03 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200711270502.lAR52Yvc028030@imap1.linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=casey@schaufler-ca.com \
--cc=chrisw@sous-sol.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mm-commits@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.