From: Dan Ballard <dan@mindstab.net>
To: Randy Dunlap <rdunlap@xenotime.net>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@elte.hu>,
Lennart Poettering <lennart@poettering.net>,
Kay Sievers <kay.sievers@vrfy.org>,
Dan Ballard <dan@mindstab.net>
Cc: linux-kernel@vger.kernel.org, Dan Ballard <dan@mindstab.net>
Subject: [PATCH 1/1] kernel/sysctl.c: Add cap_last_cap to /proc/sys/kernel
Date: Sat, 15 Oct 2011 07:50:05 -0700
Message-ID: <1318690205-2731-1-git-send-email-dan@mindstab.net>
In-Reply-To: <1318460194-31983-1-git-send-email-dan@mindstab.net>

Userspace needs to know the highest valid capability of the running
kernel, which right now cannot reliably be retrieved from the header
files only. The fact that this value cannot be determined properly
right now creates various problems for libraries compiled on newer
header files which are run on older kernels. They assume
capabilities are available which actually aren't.

Now the capability is exported in /proc/sys/kernel/cap_last_cap.

Signed-off-by: Dan Ballard <dan@mindstab.net>
---
Documentation/sysctl/kernel.txt | 8 ++++++++
kernel/sysctl.c | 9 +++++++++
2 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 704e474..1f24636 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -24,6 +24,7 @@ show up in /proc/sys/kernel:
- bootloader_type [ X86 only ]
- bootloader_version [ X86 only ]
- callhome [ S390 only ]
+- cap_last_cap
- core_pattern
- core_pipe_limit
- core_uses_pid
@@ -155,6 +156,13 @@ on has a service contract with IBM.
==============================================================
+cap_last_cap
+
+Highest valid capability of the running kernel. Exports
+CAP_LAST_CAP from the kernel.
+
+==============================================================
+
core_pattern:
core_pattern is used to specify a core dumpfile pattern name.
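Review bot: The new "cap_last_cap" heading in this kernel.txt hunk has no trailing colon, while the neighbouring entry visible in the context is written "core_pattern:"; add the colon so the section matches the file's format. The description could also state that the value is the number of the highest capability and that the file is read-only (the table entry uses mode 0444), so a reader does not have to look up CAP_LAST_CAP in the headers to know what to expect.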
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 11d65b5..06455c0 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -57,6 +57,7 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
#include <linux/kmod.h>
+#include <linux/capability.h>
#include <asm/uaccess.h>
#include <asm/processor.h>
@@ -134,6 +135,7 @@ static int minolduid;
static int min_percpu_pagelist_fract = 8;
static int ngroups_max = NGROUPS_MAX;
+static int cap_last_cap = CAP_LAST_CAP;
#ifdef CONFIG_INOTIFY_USER
#include <linux/inotify.h>
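Review bot: cap_last_cap is declared here as a writable "static int" even though it is initialised from the compile-time constant CAP_LAST_CAP and is only exposed through a 0444 entry, so nothing should ever modify it. Consider "static const int cap_last_cap = CAP_LAST_CAP;" with a "(void *)" cast on the ".data" assignment in the table, which documents the intent and lets the value live in read-only data. The adjacent ngroups_max follows the same non-const pattern, so this is a hardening suggestion rather than a defect in the patch.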
@@ -730,6 +732,13 @@ static struct ctl_table kern_table[] = {
.mode = 0444,
.proc_handler = proc_dointvec,
},
+ {
+ .procname = "cap_last_cap",
+ .data = &cap_last_cap,
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = proc_dointvec,
+ },
#if defined(CONFIG_LOCKUP_DETECTOR)
{
.procname = "watchdog",
--
1.7.2.5
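
The userspace side of the problem the commit message describes, as an added example that is not part of the patch or the thread: a library reads the sysctl file at run time and only uses a build-time value when the file is absent. The function names and the value 63 are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse the text read from cap_last_cap (a decimal number and a newline).
 * Returns the value, or -1 if the text is not a sane capability number. */
static int parse_cap_last_cap(const char *text)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || errno != 0 || v < 0 || v > INT_MAX)
        return -1;
    while (*end == '\n' || *end == ' ' || *end == '\t')
        end++;
    return *end == '\0' ? (int)v : -1;   /* reject trailing garbage */
}

/* Highest capability number the caller should treat as valid.
 * path:        the sysctl file added by the patch
 * header_last: the caller's build-time CAP_LAST_CAP, used only when the
 *              file is missing or unreadable (a kernel without the patch) */
static int runtime_last_cap(const char *path, int header_last)
{
    char buf[32];
    FILE *f = fopen(path, "r");
    int v = -1;

    if (f) {
        if (fgets(buf, sizeof(buf), f))
            v = parse_cap_last_cap(buf);
        fclose(f);
    }
    return v >= 0 ? v : header_last;
}

int main(void)
{
    /* 63 is a constructed stand-in for the build-time CAP_LAST_CAP. */
    int last = runtime_last_cap("/proc/sys/kernel/cap_last_cap", 63);

    printf("iterate capabilities 0..%d\n", last);
    return 0;
}
```

On a kernel without the file the fallback is still only the header value, which is the unreliable case the commit message describes, so callers should treat that branch as a best guess.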