From: serge@hallyn.com (Serge E. Hallyn)
To: linux-security-module@vger.kernel.org
Subject: [PATCH V3 03/10] capabilities: rename has_cap to has_fcap
Date: Thu, 24 Aug 2017 11:10:20 -0500 [thread overview]
Message-ID: <20170824161020.GC10515@mail.hallyn.com> (raw)
In-Reply-To: <8d77769c458b997ac9b07363bb865415a937848e.1503459890.git.rgb@redhat.com>
Quoting Richard Guy Briggs (rgb at redhat.com):
> Rename has_cap to has_fcap to clarify it applies to file capabilities
> since the entire source file is about capabilities.
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
> ---
> security/commoncap.c | 20 ++++++++++----------
> 1 files changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 6f05ec0..028d4e4 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -339,7 +339,7 @@ int cap_inode_killpriv(struct dentry *dentry)
> static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
> struct linux_binprm *bprm,
> bool *effective,
> - bool *has_cap)
> + bool *has_fcap)
> {
> struct cred *new = bprm->cred;
> unsigned i;
> @@ -349,7 +349,7 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
> *effective = true;
>
> if (caps->magic_etc & VFS_CAP_REVISION_MASK)
> - *has_cap = true;
> + *has_fcap = true;
>
> CAP_FOR_EACH_U32(i) {
> __u32 permitted = caps->permitted.cap[i];
> @@ -438,7 +438,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
> * its xattrs and, if present, apply them to the proposed credentials being
> * constructed by execve().
> */
> -static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_cap)
> +static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_fcap)
> {
> int rc = 0;
> struct cpu_vfs_cap_data vcaps;
> @@ -469,7 +469,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
> goto out;
> }
>
> - rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap);
> + rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_fcap);
> if (rc == -EINVAL)
> printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
> __func__, rc, bprm->filename);
> @@ -481,7 +481,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
> return rc;
> }
>
> -void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effective, kuid_t root_uid)
> +void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool *effective, kuid_t root_uid)
> {
> const struct cred *old = current_cred();
> struct cred *new = bprm->cred;
> @@ -493,7 +493,7 @@ void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effec
> * for a setuid root binary run by a non-root user. Do set it
> * for a root user just to cause least surprise to an admin.
> */
> - if (has_cap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) {
> + if (has_fcap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) {
> warn_setuid_and_fcaps_mixed(bprm->filename);
> return;
> }
> @@ -531,20 +531,20 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> {
> const struct cred *old = current_cred();
> struct cred *new = bprm->cred;
> - bool effective = false, has_cap = false, is_setid;
> + bool effective = false, has_fcap = false, is_setid;
> int ret;
> kuid_t root_uid;
>
> if (WARN_ON(!cap_ambient_invariant_ok(old)))
> return -EPERM;
>
> - ret = get_file_caps(bprm, &effective, &has_cap);
> + ret = get_file_caps(bprm, &effective, &has_fcap);
> if (ret < 0)
> return ret;
>
> root_uid = make_kuid(new->user_ns, 0);
>
> - handle_privileged_root(bprm, has_cap, &effective, root_uid);
> + handle_privileged_root(bprm, has_fcap, &effective, root_uid);
>
> /* if we have fs caps, clear dangerous personality flags */
> if (cap_gained(permitted, new, old))
> @@ -574,7 +574,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> new->sgid = new->fsgid = new->egid;
>
> /* File caps or setid cancels ambient. */
> - if (has_cap || is_setid)
> + if (has_fcap || is_setid)
> cap_clear(new->cap_ambient);
>
> /*
> --
> 1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-08-24 16:10 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-23 10:12 [PATCH V3 00/10] capabilities: do not audit log BPRM_FCAPS on set*id Richard Guy Briggs
2017-08-23 10:12 ` [PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root Richard Guy Briggs
2017-08-24 15:42 ` Serge E. Hallyn
2017-08-25 5:55 ` James Morris
2017-08-25 10:49 ` Richard Guy Briggs
2017-08-23 10:12 ` [PATCH V3 02/10] capabilities: intuitive names for cap gain status Richard Guy Briggs
2017-08-24 16:03 ` Serge E. Hallyn
2017-08-24 16:19 ` Richard Guy Briggs
2017-08-24 16:37 ` Serge E. Hallyn
2017-08-24 19:06 ` Kees Cook
2017-08-24 21:17 ` Paul Moore
2017-08-28 9:19 ` Richard Guy Briggs
2017-08-28 11:08 ` Richard Guy Briggs
2017-09-01 10:18 ` Richard Guy Briggs
2017-09-02 5:37 ` Serge E. Hallyn
2017-09-04 6:57 ` Richard Guy Briggs
2017-09-05 6:45 ` Richard Guy Briggs
2017-08-25 5:56 ` James Morris
2017-08-25 15:08 ` Andy Lutomirski
2017-08-25 18:47 ` Serge E. Hallyn
2017-08-23 10:12 ` [PATCH V3 03/10] capabilities: rename has_cap to has_fcap Richard Guy Briggs
2017-08-24 16:10 ` Serge E. Hallyn [this message]
2017-08-25 5:56 ` James Morris
2017-08-23 10:12 ` [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic Richard Guy Briggs
2017-08-24 16:14 ` Serge E. Hallyn
2017-08-25 5:58 ` James Morris
2017-08-28 12:03 ` Richard Guy Briggs
2017-08-31 14:49 ` Serge E. Hallyn
2017-08-23 10:12 ` [PATCH V3 05/10] capabilities: use intuitive names for id changes Richard Guy Briggs
2017-08-24 16:17 ` Serge E. Hallyn
2017-08-25 5:59 ` James Morris
2017-08-25 15:06 ` Andy Lutomirski
2017-08-25 18:51 ` Serge E. Hallyn
2017-08-25 19:45 ` Andy Lutomirski
2017-08-25 20:06 ` Serge E. Hallyn
2017-08-28 1:32 ` James Morris
2017-08-28 9:12 ` Richard Guy Briggs
2017-08-28 20:12 ` Andy Lutomirski
2017-08-23 10:12 ` [PATCH V3 06/10] capabilities: move audit log decision to function Richard Guy Briggs
2017-08-24 16:18 ` Serge E. Hallyn
2017-08-25 6:01 ` James Morris
2017-08-23 10:12 ` [PATCH V3 07/10] capabilities: remove a layer of conditional logic Richard Guy Briggs
2017-08-24 16:20 ` Serge E. Hallyn
2017-08-25 5:47 ` James Morris
2017-08-25 15:11 ` Andy Lutomirski
2017-08-25 18:53 ` Serge E. Hallyn
2017-08-23 10:12 ` [PATCH V3 08/10] capabilities: invert logic for clarity Richard Guy Briggs
2017-08-24 16:23 ` Serge E. Hallyn
2017-08-25 5:47 ` James Morris
2017-08-23 10:13 ` [PATCH V3 09/10] capabilities: fix logic for effective root or real root Richard Guy Briggs
2017-08-24 16:29 ` Serge E. Hallyn
2017-08-24 16:44 ` Richard Guy Briggs
2017-08-24 16:47 ` Serge E. Hallyn
2017-08-25 5:48 ` James Morris
2017-08-23 10:13 ` [PATCH V3 10/10] capabilities: audit log other surprising conditions Richard Guy Briggs
2017-08-24 16:35 ` Serge E. Hallyn
2017-08-25 5:50 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170824161020.GC10515@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).