From: "Serge E. Hallyn"
Subject: Re: [PATCH 4/9][cr][v2]: Restore file_owner info
Date: Thu, 29 Jul 2010 14:00:59 -0500
Message-ID: <20100729190059.GA12891@hallyn.com>
References: <1274238452-15382-1-git-send-email-sukadev@linux.vnet.ibm.com> <1274238452-15382-5-git-send-email-sukadev@linux.vnet.ibm.com> <4C16FC14.1090001@cs.columbia.edu> <20100728192503.GA14570@us.ibm.com> <20100728222032.GB5657@count0.beaverton.ibm.com>
In-Reply-To: <20100728222032.GB5657@count0.beaverton.ibm.com>
To: Matt Helsley
Cc: Sukadev Bhattiprolu, matthew@wil.cx, Containers, linux-fsdevel@vger.kernel.org, serue@us.ibm.com

Quoting Matt Helsley (matthltc@us.ibm.com):
> For reference, here's sigio_perm():
>
> static inline int sigio_perm(struct task_struct *p,
>                              struct fown_struct *fown, int sig)
> {
>         const struct cred *cred;
>         int ret;
>
>         rcu_read_lock();
>         cred = __task_cred(p);
>         ret = ((fown->euid == 0 ||
>                 fown->euid == cred->suid || fown->euid == cred->uid ||
>                 fown->uid == cred->suid || fown->uid == cred->uid) &&
>                !security_file_send_sigiotask(p, fown, sig));
>         rcu_read_unlock();
>         return ret;
> }
>
> [ My Notes: unlike check_kill_permission() it does not check CAP_KILL.

Right, that's bc we don't store capabilities in the fown_struct. So
fown->euid==0 is all we can do. Since this can be called from interrupt,
current is not useful.

> Also check_kill_permission() calls audit as if the signal is about to be
> delivered but sigio_perm() does not. ]

-serge
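
The difference discussed above, as an added userspace model that is not part of the original message or of the kernel source: the UID test of the quoted sigio_perm() next to a kill()-style test with a live CAP_KILL. The *_model structs, record_owner(), compare(), the sample UIDs and the shape of the kill-side check are assumptions made for illustration; the LSM hook and audit call are left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace models; field names follow the quoted code. */
struct fown_model   { unsigned uid, euid; };                /* saved at F_SETOWN */
struct cred_model   { unsigned uid, suid; };                /* target task cred  */
struct sender_model { unsigned uid, euid; bool cap_kill; }; /* live sender       */

/* UID part of the quoted sigio_perm(); the LSM hook is left out. */
static bool sigio_uid_ok(const struct fown_model *f, const struct cred_model *t)
{
    return f->euid == 0 ||
           f->euid == t->suid || f->euid == t->uid ||
           f->uid == t->suid || f->uid == t->uid;
}

/* Assumption: kill()-style check, same UID matching plus a live CAP_KILL. */
static bool kill_uid_ok(const struct sender_model *s, const struct cred_model *t)
{
    return s->euid == t->suid || s->euid == t->uid ||
           s->uid == t->suid || s->uid == t->uid || s->cap_kill;
}

/* What the file owner record keeps about the sender: UIDs, no capabilities. */
static struct fown_model record_owner(const struct sender_model *s)
{
    struct fown_model f = { s->uid, s->euid };
    return f;
}

/* Returns bit 0 = kill-style result, bit 1 = sigio-style result. */
static int compare(struct sender_model s, struct cred_model t)
{
    struct fown_model f = record_owner(&s);
    return (kill_uid_ok(&s, &t) ? 1 : 0) | (sigio_uid_ok(&f, &t) ? 2 : 0);
}

int main(void)
{
    struct cred_model target = { 2000, 2000 };              /* constructed */
    struct sender_model same = { 2000, 2000, false };
    struct sender_model capd = { 1000, 1000, true };        /* CAP_KILL, non-root */
    struct sender_model root_nocap = { 1000, 0, false };    /* euid 0, no CAP_KILL */

    printf("same uid:        %d\n", compare(same, target));
    printf("CAP_KILL only:   %d\n", compare(capd, target));
    printf("euid 0, no cap:  %d\n", compare(root_nocap, target));
    return 0;
}
```

The two checks agree when UIDs match and diverge in the other two cases: a capability held by the sender is lost once only UIDs are recorded, and a recorded euid of 0 passes even where no CAP_KILL is held.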