From: Maximilian Attems <max@stro.at>
To: Mike Waychison <mikew@google.com>
Cc: "Andrew G. Morgan" <agm@google.com>,
Eric Northup <digitaleric@google.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
"H. Peter Anvin" <hpa@zytor.com>,
Eric Paris <eparis@parisplace.org>,
klibc@zytor.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 1/2] syscalls: Add capset and capget
Date: Fri, 29 Jul 2011 22:41:16 +0200 [thread overview]
Message-ID: <20110729204116.GA3207@stro.at> (raw)
In-Reply-To: <20110719203848.646.62196.stgit@mike2.sea.corp.google.com>
On Tue, 19 Jul 2011, Mike Waychison wrote:
> Add the capset and capget system calls to klibc so that userland can
> invoke them.
>
> Signed-off-by: Mike Waychison <mikew@google.com>
> ---
> usr/include/sys/capability.h | 10 ++++++++++
> usr/klibc/SYSCALLS.def | 6 ++++++
> usr/klibc/syscalls/syscommon.h | 1 +
> 3 files changed, 17 insertions(+), 0 deletions(-)
> create mode 100644 usr/include/sys/capability.h
>
> diff --git a/usr/include/sys/capability.h b/usr/include/sys/capability.h
> new file mode 100644
> index 0000000..84ad419
> --- /dev/null
> +++ b/usr/include/sys/capability.h
> @@ -0,0 +1,10 @@
> +#ifndef _SYS_CAPABILITY_H
> +#define _SYS_CAPABILITY_H
> +
> +#include <klibc/extern.h>
> +#include <linux/capability.h>
> +
> +__extern int capget(cap_user_header_t hdrp, cap_user_data_t datap);
> +__extern int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
> +
> +#endif /* _SYS_CAPABILITY_H */
> diff --git a/usr/klibc/SYSCALLS.def b/usr/klibc/SYSCALLS.def
> index d3279c7..ee3ffa9 100644
> --- a/usr/klibc/SYSCALLS.def
> +++ b/usr/klibc/SYSCALLS.def
> @@ -77,6 +77,12 @@ int setfsgid32,setfsgid::setfsgid(gid_t);
> int setresuid32,setresuid::setresuid(int, uid_t, uid_t, uid_t);
>
> /*
> + * POSIX Capabilities
> + */
> +int capget(cap_user_header_t, cap_user_data_t);
> +int capset(cap_user_header_t, cap_user_data_t);
> +
> +/*
> * Filesystem-related system calls
> */
> int mount(const char *, const char *, const char *, unsigned long, const void *);
> diff --git a/usr/klibc/syscalls/syscommon.h b/usr/klibc/syscalls/syscommon.h
> index 0acae12..78f8858 100644
> --- a/usr/klibc/syscalls/syscommon.h
> +++ b/usr/klibc/syscalls/syscommon.h
> @@ -12,6 +12,7 @@
>
> #include <poll.h>
> #include <sched.h>
> +#include <sys/capability.h>
> #include <sys/dirent.h>
> #include <sys/klog.h>
> #include <sys/mman.h>
this looks good to me.
thanks will add to klibc repo soonest.
--
maks
next prev parent reply other threads:[~2011-07-29 20:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-19 20:38 [PATCH v1 0/2] Support dropping of capabilities from early userspace Mike Waychison
2011-07-19 20:38 ` [PATCH v1 1/2] syscalls: Add capset and capget Mike Waychison
2011-07-29 20:41 ` Maximilian Attems [this message]
2011-07-29 23:06 ` Maximilian Attems
2011-07-19 20:38 ` [PATCH v1 2/2] run-init: Add drop_capabilities support Mike Waychison
2011-07-29 20:45 ` Maximilian Attems
2011-07-29 20:46 ` Mike Waychison
2011-08-02 21:09 ` Maximilian Attems
2011-08-02 21:42 ` Mike Waychison
2011-08-02 22:50 ` Andrew G. Morgan
2011-08-02 22:56 ` Mike Waychison
2011-08-02 23:37 ` Mike Waychison
2011-08-03 0:48 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110729204116.GA3207@stro.at \
--to=max@stro.at \
--cc=agm@google.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=digitaleric@google.com \
--cc=eparis@parisplace.org \
--cc=hpa@zytor.com \
--cc=klibc@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mikew@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.