From: "Andrew G. Morgan" <morgan@kernel.org>
To: serge@hallyn.com
Cc: Andrew Morton <akpm@linux-foundation.org>,
Linux Security Modules List
<linux-security-module@vger.kernel.org>,
linux-kernel@vger.kernel.org,
"Serge E. Hallyn" <serue@us.ibm.com>
Subject: Re: [PATCH] per-process securebits
Date: Sat, 02 Feb 2008 22:11:18 -0800 [thread overview]
Message-ID: <47A55B06.3060707@kernel.org> (raw)
In-Reply-To: <20080201201526.GA4684@vino.hallyn.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
serge@hallyn.com wrote:
| Quoting Andrew G. Morgan (morgan@kernel.org):
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> Here is the patch to add per-process securebits.
|>
|> Its all code that lives inside the capability LSM and the new securebits
|> implementation is only active if CONFIG_SECURITY_FILE_CAPABILITIES is
|> enabled (it doesn't make much sense to support this feature without
|> filesystem capabilities).
|>
|> The patch assumes the CAP_SETPCAP fix of last week, but is otherwise on
|> top of 2.6.24-rc8-mm1.
|
| Hey Andrew, I'm about to set up some ltp tests, but noticed the
| following patch is needed on top of yours.
Sorry about that. I'm guessing you have a more pedantic compiler than
mine (x86_64)!
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Cheers
Andrew
|
| -serge
|
|>From feac61b47be8375e25b0f6ee876cf096c8b1b9cc Mon Sep 17 00:00:00 2001
| From: Serge E. Hallyn <serue@us.ibm.com>
| Date: Fri, 1 Feb 2008 14:13:29 +0000
| Subject: [PATCH 1/1] per-process securebits: security_task_prctl takes
a long
|
| Fix a mismatch between prototypes and callers for the updated
| security_task_prctl(). The newly introduced argument, error,
| is a long, not an int.
|
| Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
| ---
| include/linux/security.h | 8 ++++----
| security/commoncap.c | 4 ++--
| security/dummy.c | 2 +-
| security/security.c | 2 +-
| security/selinux/hooks.c | 2 +-
| 5 files changed, 9 insertions(+), 9 deletions(-)
|
| diff --git a/include/linux/security.h b/include/linux/security.h
| index c550079..c789a0d 100644
| --- a/include/linux/security.h
| +++ b/include/linux/security.h
| @@ -63,7 +63,7 @@ extern int cap_task_post_setuid (uid_t old_ruid,
uid_t old_euid, uid_t old_suid,
| extern void cap_task_reparent_to_init (struct task_struct *p);
| extern int cap_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid);
| extern int cap_task_prctl(int option, unsigned long arg2, unsigned
long arg3,
| - unsigned long arg4, unsigned long arg5, int *rc_p);
| + unsigned long arg4, unsigned long arg5, long *rc_p);
| extern int cap_task_setscheduler (struct task_struct *p, int policy,
struct sched_param *lp);
| extern int cap_task_setioprio (struct task_struct *p, int ioprio);
| extern int cap_task_setnice (struct task_struct *p, int nice);
| @@ -1348,7 +1348,7 @@ struct security_operations {
| int (*task_wait) (struct task_struct * p);
| int (*task_prctl) (int option, unsigned long arg2,
| unsigned long arg3, unsigned long arg4,
| - unsigned long arg5, int *rc_p);
| + unsigned long arg5, long *rc_p);
| void (*task_reparent_to_init) (struct task_struct * p);
| void (*task_to_inode)(struct task_struct *p, struct inode *inode);
|
| @@ -1602,7 +1602,7 @@ int security_task_kill(struct task_struct *p,
struct siginfo *info,
| int sig, u32 secid);
| int security_task_wait(struct task_struct *p);
| int security_task_prctl(int option, unsigned long arg2, unsigned long
arg3,
| - unsigned long arg4, unsigned long arg5, int *rc_p);
| + unsigned long arg4, unsigned long arg5, long *rc_p);
| void security_task_reparent_to_init(struct task_struct *p);
| void security_task_to_inode(struct task_struct *p, struct inode *inode);
| int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
| @@ -2151,7 +2151,7 @@ static inline int security_task_wait (struct
task_struct *p)
| static inline int security_task_prctl (int option, unsigned long arg2,
| unsigned long arg3,
| unsigned long arg4,
| - unsigned long arg5, int *rc_p)
| + unsigned long arg5, long *rc_p)
| {
| return 0;
| }
| diff --git a/security/commoncap.c b/security/commoncap.c
| index 9b87182..858387a 100644
| --- a/security/commoncap.c
| +++ b/security/commoncap.c
| @@ -611,9 +611,9 @@ int cap_task_kill(struct task_struct *p, struct
siginfo *info,
| #endif
|
| int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
| - unsigned long arg4, unsigned long arg5, int *rc_p)
| + unsigned long arg4, unsigned long arg5, long *rc_p)
| {
| - int error = 0;
| + long error = 0;
|
| switch (option) {
| case PR_CAPBSET_READ:
| diff --git a/security/dummy.c b/security/dummy.c
| index c9e6d9f..e79f988 100644
| --- a/security/dummy.c
| +++ b/security/dummy.c
| @@ -595,7 +595,7 @@ static int dummy_task_kill (struct task_struct *p,
struct siginfo *info,
| }
|
| static int dummy_task_prctl (int option, unsigned long arg2, unsigned
long arg3,
| - unsigned long arg4, unsigned long arg5, int *rc_p)
| + unsigned long arg4, unsigned long arg5, long *rc_p)
| {
| return 0;
| }
| diff --git a/security/security.c b/security/security.c
| index c3cc14e..6f53155 100644
| --- a/security/security.c
| +++ b/security/security.c
| @@ -683,7 +683,7 @@ int security_task_wait(struct task_struct *p)
| }
|
| int security_task_prctl(int option, unsigned long arg2, unsigned long
arg3,
| - unsigned long arg4, unsigned long arg5, int *rc_p)
| + unsigned long arg4, unsigned long arg5, long *rc_p)
| {
| return security_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p);
| }
| diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
| index 3c88858..a553984 100644
| --- a/security/selinux/hooks.c
| +++ b/security/selinux/hooks.c
| @@ -3210,7 +3210,7 @@ static int selinux_task_prctl(int option,
| unsigned long arg3,
| unsigned long arg4,
| unsigned long arg5,
| - int *rc_p)
| + long *rc_p)
| {
| /* The current prctl operations do not appear to require
| any SELinux controls since they merely observe or modify
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFHpVsF+bHCR3gb8jsRAul1AKDLULHkgP0Lp3T7BKIYOoAmLlZ4gACfYFs7
oXVa3G1znfhjpr1ZNmJuOxQ=
=ZoRb
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2008-02-03 6:11 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-01 8:11 [PATCH] per-process securebits Andrew G. Morgan
2008-02-01 8:28 ` Andrew Morton
2008-02-01 9:07 ` James Morris
2008-02-04 18:17 ` Pavel Machek
2008-02-04 22:00 ` Andrew Morton
2008-02-03 6:01 ` Andrew G. Morgan
2008-02-03 6:18 ` Andrew Morton
2008-02-03 6:25 ` Ismail Dönmez
2008-02-04 0:49 ` Andrew G. Morgan
2008-02-04 0:54 ` Ismail Dönmez
2008-02-04 1:10 ` Andrew G. Morgan
2008-02-04 16:45 ` Serge E. Hallyn
2008-02-05 1:15 ` Ismail Dönmez
2008-02-01 20:15 ` serge
2008-02-03 6:11 ` Andrew G. Morgan [this message]
2008-02-05 18:46 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A55B06.3060707@kernel.org \
--to=morgan@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.