From: "Serge E. Hallyn" <serge@hallyn.com>
To: Matt Helsley <matthltc@us.ibm.com>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
matthew@wil.cx,
Containers <containers@lists.linux-foundation.org>,
linux-fsdevel@vger.kernel.org, serue@us.ibm.com
Subject: Re: [PATCH 4/9][cr][v2]: Restore file_owner info
Date: Thu, 29 Jul 2010 14:00:59 -0500 [thread overview]
Message-ID: <20100729190059.GA12891@hallyn.com> (raw)
In-Reply-To: <20100728222032.GB5657@count0.beaverton.ibm.com>
Quoting Matt Helsley (matthltc@us.ibm.com):
> For reference, here's sigio_perm():
>
> static inline int sigio_perm(struct task_struct *p,
> struct fown_struct *fown, int sig)
> {
> const struct cred *cred;
> int ret;
>
> rcu_read_lock();
> cred = __task_cred(p);
> ret = ((fown->euid == 0 ||
> fown->euid == cred->suid || fown->euid == cred->uid ||
> fown->uid == cred->suid || fown->uid == cred->uid) &&
> !security_file_send_sigiotask(p, fown, sig));
> rcu_read_unlock();
> return ret;
> }
>
> [ My Notes: unlike check_kill_permission() it does not check CAP_KILL.
Right, that's bc we don't store capabilities in the fown_struct.
So fown->euid==0 is all we can do. Since this can be called from
interrupt, current is not useful.
> Also check_kill_permission() calls audit as if the signal is about to be
> delivered but sigio_perm() does not. ]
-serge
next prev parent reply other threads:[~2010-07-29 18:58 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-19 3:07 [PATCH 0/9][cr][v2]: C/R file owner and posix file locks Sukadev Bhattiprolu
[not found] ` <1274238452-15382-1-git-send-email-sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2010-05-19 3:07 ` [PATCH 1/9][cr][v2]: Add uid, euid params to f_modown() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 2/9][cr][v2]: Add uid, euid params to __f_setown() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 3/9][cr][v2]: Checkpoint file-owner information Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 4/9][cr][v2]: Restore file_owner info Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 5/9][cr][v2]: Move file_lock macros into linux/fs.h Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 6/9][cr][v2]: Checkpoint file-locks Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 7/9][cr][v2]: Define flock_set() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 8/9][cr][v2]: Define flock64_set() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 9/9][cr][v2]: Restore file-locks Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 1/9][cr][v2]: Add uid, euid params to f_modown() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 2/9][cr][v2]: Add uid, euid params to __f_setown() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 3/9][cr][v2]: Checkpoint file-owner information Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 4/9][cr][v2]: Restore file_owner info Sukadev Bhattiprolu
[not found] ` <1274238452-15382-5-git-send-email-sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2010-06-15 4:05 ` Oren Laadan
2010-06-15 4:05 ` Oren Laadan
[not found] ` <4C16FC14.1090001-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2010-07-28 19:25 ` Sukadev Bhattiprolu
2010-07-28 19:25 ` Sukadev Bhattiprolu
2010-07-28 22:20 ` Matt Helsley
[not found] ` <20100728222032.GB5657-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-07-29 19:00 ` Serge E. Hallyn
2010-07-29 19:00 ` Serge E. Hallyn [this message]
[not found] ` <20100728192503.GA14570-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-07-28 22:20 ` Matt Helsley
2010-05-19 3:07 ` [PATCH 5/9][cr][v2]: Move file_lock macros into linux/fs.h Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 6/9][cr][v2]: Checkpoint file-locks Sukadev Bhattiprolu
2010-06-15 4:13 ` Oren Laadan
[not found] ` <4C16FDE7.7050709-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2010-07-28 19:26 ` Sukadev Bhattiprolu
2010-07-28 19:26 ` Sukadev Bhattiprolu
[not found] ` <20100728192649.GB14570-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-07-28 19:42 ` Oren Laadan
[not found] ` <4C50882A.4000505-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2010-07-28 21:29 ` Sukadev Bhattiprolu
2010-07-28 21:29 ` Sukadev Bhattiprolu
[not found] ` <20100728212950.GA10505-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-07-28 23:39 ` Oren Laadan
2010-07-28 23:39 ` Oren Laadan
[not found] ` <1274238452-15382-7-git-send-email-sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2010-06-15 4:13 ` Oren Laadan
2010-05-19 3:07 ` [PATCH 7/9][cr][v2]: Define flock_set() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 8/9][cr][v2]: Define flock64_set() Sukadev Bhattiprolu
2010-05-19 3:07 ` [PATCH 9/9][cr][v2]: Restore file-locks Sukadev Bhattiprolu
[not found] ` <1274238452-15382-10-git-send-email-sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2010-05-26 7:48 ` steve-TMeXKDtMCpxBDgjK7y7TUQ
2010-05-26 7:48 ` steve
[not found] ` <20100526074811.GA19011-L+fFT9D4jFrt+F9gAGD92AC/G2K4zDHf@public.gmane.org>
2010-05-26 23:57 ` Sukadev Bhattiprolu
2010-05-26 23:57 ` Sukadev Bhattiprolu
[not found] ` <20100526235713.GA12768-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-06-15 4:22 ` Oren Laadan
2010-06-15 4:22 ` Oren Laadan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100729190059.GA12891@hallyn.com \
--to=serge@hallyn.com \
--cc=containers@lists.linux-foundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=matthew@wil.cx \
--cc=matthltc@us.ibm.com \
--cc=serue@us.ibm.com \
--cc=sukadev@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.