From: Andrew Morton <akpm@linux-foundation.org>
To: "Andrew G. Morgan" <morgan@kernel.org>
Cc: dhowells@redhat.com, serue@us.ibm.com,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] capabilities: refactor kernel code + bugfix
Date: Wed, 25 Jun 2008 16:30:35 -0700 [thread overview]
Message-ID: <20080625163035.b409d693.akpm@linux-foundation.org> (raw)
In-Reply-To: <485BCEEB.30105@kernel.org>
On Fri, 20 Jun 2008 08:38:19 -0700
"Andrew G. Morgan" <morgan@kernel.org> wrote:
> From 8a2bffcb5363295ea43ef42c84c121a8e8c7ffa0 Mon Sep 17 00:00:00 2001
> From: Andrew G. Morgan <morgan@kernel.org>
> Date: Fri, 20 Jun 2008 08:16:06 -0700
> Subject: [PATCH] Refactor filesystem capability support in main kernel.
>
> To date, we've tried hard to confine filesystem support for capabilities
> to the security modules. This has left a lot of the code in
> kernel/capability.c in a state where it looks like it supports something
> that filesystem support for capabilities actually suppresses when the
> LSM security/commmoncap.c code runs. What is left is a lot of code that
> uses sub-optimal locking in the main kernel. With this change we refactor
> the main kernel code and make it explicit which locks are needed and that
> the only remaining kernel races in this area are associated with
> non-filesystem capability code.
>
> This commit also includes a bugfix for the fragile setuid fixup
> code in the case that filesystem capabilities are supported (in access()).
> The effect of this fix is gated on filesystem capability support because
> changing securebits is only supported when filesystem capabilities support
> is configured.)
>
> Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
> ---
> fs/open.c | 38 +++--
> include/linux/capability.h | 2 +
> include/linux/securebits.h | 15 +-
> kernel/capability.c | 359 +++++++++++++++++++++++++++++--------------
This is one helluva large (security!) patch for so late in -rc.
Could we please split out the bugfix for 2.6.26 (is it needed in 2.6.25
too?) and hold the refactoring back for 2.6.27?
next prev parent reply other threads:[~2008-06-25 23:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-20 15:38 [PATCH] capabilities: refactor kernel code + bugfix Andrew G. Morgan
2008-06-23 15:23 ` Serge E. Hallyn
2008-06-25 23:30 ` Andrew Morton [this message]
2008-06-26 8:46 ` [PATCH 0/4]: security: filesystem capabilities (was Re: [PATCH] capabilities: refactor kernel code + bugfix) Andrew G. Morgan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080625163035.b409d693.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox