From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Andrew Morton <akpm@osdl.org>, Oleg Nesterov <oleg@redhat.com>,
LSM <linux-security-module@vger.kernel.org>,
James Morris <jmorris@namei.org>,
Kees Cook <kees.cook@canonical.com>,
containers@lists.linux-foundation.org,
kernel list <linux-kernel@vger.kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
xemul@parallels.com, dhowells@redhat.com,
Daniel Lezcano <daniel.lezcano@free.fr>
Subject: [PATCH 5/4] Clean up capability.h and capability.c
Date: Thu, 24 Feb 2011 00:22:49 +0000 [thread overview]
Message-ID: <20110224002249.GA28659@mail.hallyn.com> (raw)
In-Reply-To: <20110221040156.GA12580@mail.hallyn.com>
Convert macros to functions to let type safety do its thing. Switch
some functions from ints to more appropriate bool. Move all forward
declarations together to top of the #ifdef __KERNEL__ section. Use
kernel-doc format for comments.
Some macros couldn't be converted because they use functions from
security.h which sometimes are extern and sometimes static inline,
and we don't want to #include security.h in capability.h.
Also add a real current_user_ns function (and convert the existing
macro to _current_user_ns() so we can use it in capability.h
without #including cred.h.
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
---
include/linux/capability.h | 38 ++++++++++++++++++++++++++------------
include/linux/cred.h | 4 +++-
kernel/capability.c | 20 ++++++++++++--------
kernel/cred.c | 5 +++++
4 files changed, 46 insertions(+), 21 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index bc0f262..688462f 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -368,6 +368,17 @@ struct cpu_vfs_cap_data {
#ifdef __KERNEL__
+struct dentry;
+struct user_namespace;
+
+extern struct user_namespace init_user_ns;
+
+struct user_namespace *current_user_ns(void);
+
+extern const kernel_cap_t __cap_empty_set;
+extern const kernel_cap_t __cap_full_set;
+extern const kernel_cap_t __cap_init_eff_set;
+
/*
* Internal kernel functions only
*/
@@ -530,10 +541,6 @@ static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
cap_intersect(permitted, __cap_nfsd_set));
}
-extern const kernel_cap_t __cap_empty_set;
-extern const kernel_cap_t __cap_full_set;
-extern const kernel_cap_t __cap_init_eff_set;
-
/**
* has_capability - Determine if a task has a superior capability available
* @t: The task in question
@@ -560,18 +567,25 @@ extern const kernel_cap_t __cap_init_eff_set;
* Note that this does not set PF_SUPERPRIV on the task.
*/
#define has_capability_noaudit(t, cap) \
- (security_real_capable_noaudit((t), &init_user_ns, (cap)) == 0)
+ (security_real_capable_noaudit((t), &init_user_ns, (cap)) == 0)
-struct user_namespace;
-extern struct user_namespace init_user_ns;
-extern int capable(int cap);
-extern int ns_capable(struct user_namespace *ns, int cap);
-extern int task_ns_capable(struct task_struct *t, int cap);
+extern bool capable(int cap);
+extern bool ns_capable(struct user_namespace *ns, int cap);
+extern bool task_ns_capable(struct task_struct *t, int cap);
-#define nsown_capable(cap) (ns_capable(current_user_ns(), (cap)))
+/**
+ * nsown_capable - Check superior capability to one's own user_ns
+ * @cap: The capability in question
+ *
+ * Return true if the current task has the given superior capability
+ * targeted at its own user namespace.
+ */
+static inline bool nsown_capable(int cap)
+{
+ return ns_capable(current_user_ns(), cap);
+}
/* audit system wants to get cap info from files as well */
-struct dentry;
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
#endif /* __KERNEL__ */
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 4aaeab3..9aeeb0b 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -354,9 +354,11 @@ static inline void put_cred(const struct cred *_cred)
#define current_fsgid() (current_cred_xxx(fsgid))
#define current_cap() (current_cred_xxx(cap_effective))
#define current_user() (current_cred_xxx(user))
-#define current_user_ns() (current_cred_xxx(user)->user_ns)
+#define _current_user_ns() (current_cred_xxx(user)->user_ns)
#define current_security() (current_cred_xxx(security))
+extern struct user_namespace *current_user_ns(void);
+
#define current_uid_gid(_uid, _gid) \
do { \
const struct cred *__cred; \
diff --git a/kernel/capability.c b/kernel/capability.c
index 916658c..0a3d2c8 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -300,7 +300,7 @@ error:
* This sets PF_SUPERPRIV on the task if the capability is available on the
* assumption that it's about to be used.
*/
-int capable(int cap)
+bool capable(int cap)
{
return ns_capable(&init_user_ns, cap);
}
@@ -317,7 +317,7 @@ EXPORT_SYMBOL(capable);
* This sets PF_SUPERPRIV on the task if the capability is available on the
* assumption that it's about to be used.
*/
-int ns_capable(struct user_namespace *ns, int cap)
+bool ns_capable(struct user_namespace *ns, int cap)
{
if (unlikely(!cap_valid(cap))) {
printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
@@ -326,17 +326,21 @@ int ns_capable(struct user_namespace *ns, int cap)
if (security_capable(ns, current_cred(), cap) == 0) {
current->flags |= PF_SUPERPRIV;
- return 1;
+ return true;
}
- return 0;
+ return false;
}
EXPORT_SYMBOL(ns_capable);
-/*
- * does current have capability 'cap' to the user namespace of task
- * 't'. Return true if it does, false otherwise.
+/**
+ * task_ns_capable - Determine whether current task has a superior
+ * capability targeted at a specific task's user namespace.
+ * @t: The task whose user namespace is targeted.
+ * @cap: The capability in question.
+ *
+ * Return true if it does, false otherwise.
*/
-int task_ns_capable(struct task_struct *t, int cap)
+bool task_ns_capable(struct task_struct *t, int cap)
{
return ns_capable(task_cred_xxx(t, user)->user_ns, cap);
}
diff --git a/kernel/cred.c b/kernel/cred.c
index 3a9d6dd..e447fa2 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -741,6 +741,11 @@ int set_create_files_as(struct cred *new, struct inode *inode)
}
EXPORT_SYMBOL(set_create_files_as);
+struct user_namespace *current_user_ns(void)
+{
+ return _current_user_ns();
+}
+
#ifdef CONFIG_DEBUG_CREDENTIALS
bool creds_are_invalid(const struct cred *cred)
--
1.7.0.4
next prev parent reply other threads:[~2011-02-24 0:22 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-21 4:01 [PATCH 1/4] userns: let clone_uts_ns() handle setting uts->user_ns Serge E. Hallyn
2011-02-21 4:02 ` [PATCH 2/4] userns: let copy_ipcs handle setting ipc_ns->user_ns Serge E. Hallyn
2011-02-21 10:05 ` Daniel Lezcano
[not found] ` <20110221040230.GB12580-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-02-21 10:05 ` Daniel Lezcano
2011-02-24 0:22 ` Serge E. Hallyn
2011-02-24 0:22 ` Serge E. Hallyn
[not found] ` <20110224002204.GB27640-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-02-24 9:55 ` Daniel Lezcano
2011-02-24 9:55 ` Daniel Lezcano
2011-02-21 4:02 ` [PATCH 3/4] Add the required user_ns parameter to security_capable Serge E. Hallyn
2011-02-21 4:05 ` [PATCH 4/4] userns: uts and ipc: fix checkpatch warning Serge E. Hallyn
2011-02-21 10:03 ` [PATCH 1/4] userns: let clone_uts_ns() handle setting uts->user_ns Daniel Lezcano
2011-02-21 13:41 ` Oleg Nesterov
2011-02-21 13:58 ` Serge E. Hallyn
[not found] ` <20110221135803.GA15871-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-02-21 14:23 ` Daniel Lezcano
2011-02-21 14:23 ` Daniel Lezcano
[not found] ` <20110221134129.GA15563-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-02-21 13:58 ` Serge E. Hallyn
[not found] ` <4D623886.3010505-GANU6spQydw@public.gmane.org>
2011-02-21 13:41 ` Oleg Nesterov
2011-02-24 0:21 ` Serge E. Hallyn
2011-02-24 9:54 ` Daniel Lezcano
[not found] ` <20110224002141.GA27640-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-02-24 9:54 ` Daniel Lezcano
[not found] ` <20110221040156.GA12580-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-02-21 4:02 ` [PATCH 2/4] userns: let copy_ipcs handle setting ipc_ns->user_ns Serge E. Hallyn
2011-02-21 4:02 ` [PATCH 3/4] Add the required user_ns parameter to security_capable Serge E. Hallyn
2011-02-21 4:05 ` [PATCH 4/4] userns: uts and ipc: fix checkpatch warning Serge E. Hallyn
2011-02-21 10:03 ` [PATCH 1/4] userns: let clone_uts_ns() handle setting uts->user_ns Daniel Lezcano
2011-02-24 0:21 ` Serge E. Hallyn
2011-02-24 0:22 ` [PATCH 5/4] Clean up capability.h and capability.c Serge E. Hallyn
2011-02-24 0:22 ` Serge E. Hallyn [this message]
2011-02-24 9:56 ` Daniel Lezcano
[not found] ` <20110224002249.GA28659-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-02-24 9:56 ` Daniel Lezcano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110224002249.GA28659@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=adobriyan@gmail.com \
--cc=akpm@osdl.org \
--cc=containers@lists.linux-foundation.org \
--cc=daniel.lezcano@free.fr \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=jmorris@namei.org \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=oleg@redhat.com \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.