From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: lkml <linux-kernel@vger.kernel.org>,
"Andrew G. Morgan" <morgan@kernel.org>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Ulrich Drepper <drepper@redhat.com>,
linux-api@vger.kernel.org, James Morris <jmorris@namei.org>
Subject: Re: [PATCH resend] define convenient securebits masks for prctl users
Date: Thu, 29 Oct 2009 09:05:47 -0500 [thread overview]
Message-ID: <20091029140547.GC15713@us.ibm.com> (raw)
In-Reply-To: <20091029133306.0cb87521.sfr@canb.auug.org.au>
Quoting Stephen Rothwell (sfr@canb.auug.org.au):
> Hi Serge,
>
> On Wed, 28 Oct 2009 09:02:36 -0500 "Serge E. Hallyn" <serue@us.ibm.com> wrote:
> >
> > [ Are there any objections to exporting securebits.h? If not,
> > can this patch be pushed to linux-next? ]
>
> I am not sure which tree this belongs in? Maybe security-testing (James
> cc'd)?
I don't know why that didn't occur to me! Thanks, I'll pursue
that :)
> > diff --git a/include/linux/securebits.h b/include/linux/securebits.h
> > index d2c5ed8..9ad109e 100644
> > --- a/include/linux/securebits.h
> > +++ b/include/linux/securebits.h
> > @@ -1,6 +1,13 @@
> > #ifndef _LINUX_SECUREBITS_H
> > #define _LINUX_SECUREBITS_H 1
> >
> > +/* Each securesetting is implemented using two bits. One bit specifies
> > + whether the setting is on or off. The other bit specify whether the
> > + setting is locked or not. A setting which is locked cannot be
> > + changed from user-level. */
> > +#define issecure_mask(X) (1 << (X))
> > +#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
>
> You want this second define protected by ifdef __KERNEL__ ...
True, userspace doesn't need to see those. Will sanitize and resend.
thanks,
-serge
prev parent reply other threads:[~2009-10-29 14:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-28 14:02 [PATCH resend] define convenient securebits masks for prctl users Serge E. Hallyn
2009-10-28 14:02 ` Serge E. Hallyn
[not found] ` <20091028140236.GA8157-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-29 2:33 ` Stephen Rothwell
2009-10-29 2:33 ` Stephen Rothwell
2009-10-29 14:05 ` Serge E. Hallyn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091029140547.GC15713@us.ibm.com \
--to=serue@us.ibm.com \
--cc=drepper@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.