* Linux 3.8.10
@ 2013-04-26 19:25 Greg KH
2013-04-26 19:25 ` Greg KH
0 siblings, 1 reply; 2+ messages in thread
From: Greg KH @ 2013-04-26 19:25 UTC (permalink / raw)
To: linux-kernel, Andrew Morton, torvalds, stable; +Cc: lwn, Jiri Slaby
[-- Attachment #1: Type: text/plain, Size: 904 bytes --]
I'm announcing the release of the 3.8.10 kernel.
It fixes a build error in the 3.8.9 release. If you can properly build
that kernel, no need for you to upgrade (hint, if you enable CONFIG_NS,
you need this release.)
Many thanks to Shea Levy for pointing out the problem.
The updated 3.8.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.8.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2 +-
include/linux/capability.h | 2 ++
kernel/capability.c | 24 ++++++++++++++++++++++++
3 files changed, 27 insertions(+), 1 deletion(-)
Greg Kroah-Hartman (1):
Linux 3.8.10
Linus Torvalds (1):
Add file_ns_capable() helper function for open-time capability checking
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Linux 3.8.10
2013-04-26 19:25 Linux 3.8.10 Greg KH
@ 2013-04-26 19:25 ` Greg KH
0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2013-04-26 19:25 UTC (permalink / raw)
To: linux-kernel, Andrew Morton, torvalds, stable; +Cc: lwn, Jiri Slaby
diff --git a/Makefile b/Makefile
index 3ae4796..e2b10b9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
VERSION = 3
PATCHLEVEL = 8
-SUBLEVEL = 9
+SUBLEVEL = 10
EXTRAVERSION =
NAME = Displaced Humerus Anterior
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 98503b7..d9a4f7f4 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
+struct file;
struct inode;
struct dentry;
struct user_namespace;
@@ -211,6 +212,7 @@ extern bool capable(int cap);
extern bool ns_capable(struct user_namespace *ns, int cap);
extern bool nsown_capable(int cap);
extern bool inode_capable(const struct inode *inode, int cap);
+extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
/* audit system wants to get cap info from files as well */
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
diff --git a/kernel/capability.c b/kernel/capability.c
index 493d972..f6c2ce5 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
EXPORT_SYMBOL(ns_capable);
/**
+ * file_ns_capable - Determine if the file's opener had a capability in effect
+ * @file: The file we want to check
+ * @ns: The usernamespace we want the capability in
+ * @cap: The capability to be tested for
+ *
+ * Return true if task that opened the file had a capability in effect
+ * when the file was opened.
+ *
+ * This does not set PF_SUPERPRIV because the caller may not
+ * actually be privileged.
+ */
+bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
+{
+ if (WARN_ON_ONCE(!cap_valid(cap)))
+ return false;
+
+ if (security_capable(file->f_cred, ns, cap) == 0)
+ return true;
+
+ return false;
+}
+EXPORT_SYMBOL(file_ns_capable);
+
+/**
* capable - Determine if the current task has a superior capability in effect
* @cap: The capability to be tested for
*
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-04-26 19:25 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-04-26 19:25 Linux 3.8.10 Greg KH
2013-04-26 19:25 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox