Contents of /trunk/kernel-alx/patches-3.8/0109-3.8.10-all-fixes.patch
Revision 2163 -
Tue Apr 30 12:30:57 2013 UTC (11 years, 5 months ago) by niro
File size: 1865 byte(s)
-linux-3.8.10
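--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
 #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
 
 
+struct file;
 struct inode;
 struct dentry;
 struct user_namespace;
@@ -211,6 +212,7 @@ extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
 extern bool nsown_capable(int cap);
 extern bool inode_capable(const struct inode *inode, int cap);
+extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
 
 /* audit system wants to get cap info from files as well */
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);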
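--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
 EXPORT_SYMBOL(ns_capable);
 
 /**
+ * file_ns_capable - Determine if the file's opener had a capability in effect
+ * @file: The file we want to check
+ * @ns: The usernamespace we want the capability in
+ * @cap: The capability to be tested for
+ *
+ * Return true if task that opened the file had a capability in effect
+ * when the file was opened.
+ *
+ * This does not set PF_SUPERPRIV because the caller may not
+ * actually be privileged.
+ */
+bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
+{
+ if (WARN_ON_ONCE(!cap_valid(cap)))
+ return false;
+
+ if (security_capable(file->f_cred, ns, cap) == 0)
+ return true;
+
+ return false;
+}
+EXPORT_SYMBOL(file_ns_capable);
+
+/**
 * capable - Determine if the current task has a superior capability in effect
 * @cap: The capability to be tested for
 *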