From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Eric Paris <eparis@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-audit@redhat.com,
sgrubb@redhat.com, morgan@kernel.org, viro@ZenIV.linux.org.uk
Subject: Re: [PATCH -v3 1/5] Capabilities: document the order of arguments to cap_issubset
Date: Mon, 10 Nov 2008 08:28:10 -0600 [thread overview]
Message-ID: <20081110142810.GA11561@us.ibm.com> (raw)
In-Reply-To: <20081107151355.9977.47852.stgit@paris.rdu.redhat.com>
Quoting Eric Paris (eparis@redhat.com):
> Document the order of arguments for cap_issubset. It's not instantly clear
> which order the argument should be in. So give an example.
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Thanks, Eric.
-serge
> ---
>
> include/linux/capability.h | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index 9d1fe30..9f44150 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -454,6 +454,13 @@ static inline int cap_isclear(const kernel_cap_t a)
> return 1;
> }
>
> +/*
> + * Check if "a" is a subset of "set".
> + * return 1 if ALL of the capabilities in "a" are also in "set"
> + * cap_issubset(0101, 1111) will return 1
> + * return 0 if ANY of the capabilities in "a" are not in "set"
> + * cap_issubset(1111, 0101) will return 0
> + */
> static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
> {
> kernel_cap_t dest;
prev parent reply other threads:[~2008-11-10 14:28 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-07 15:13 [PATCH -v3 1/5] Capabilities: document the order of arguments to cap_issubset Eric Paris
2008-11-07 15:13 ` Eric Paris
2008-11-07 15:14 ` [PATCH -v3 2/5] CAPABILITIES: add cpu endian vfs caps structure Eric Paris
2008-11-07 15:14 ` Eric Paris
2008-11-07 15:14 ` [PATCH -v3 3/5] AUDIT: output permitted and inheritable fcaps in PATH records Eric Paris
2008-11-07 15:14 ` Eric Paris
2008-11-10 14:46 ` Serge E. Hallyn
2008-11-07 15:14 ` [PATCH -v3 4/5] AUDIT: collect info when execve results in caps in pE Eric Paris
2008-11-07 15:14 ` Eric Paris
2008-11-10 14:53 ` Serge E. Hallyn
2008-11-07 15:14 ` [PATCH -v3 5/5] AUDIT: emit new record type showing all capset information Eric Paris
2008-11-07 15:14 ` Eric Paris
2008-11-10 14:55 ` Serge E. Hallyn
2008-11-10 14:55 ` Serge E. Hallyn
2008-11-10 14:28 ` Serge E. Hallyn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081110142810.GA11561@us.ibm.com \
--to=serue@us.ibm.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=sgrubb@redhat.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.