Magellan Linux

Annotation of /trunk/kernel-magellan/patches-3.8/0109-3.8.10-all-fixes.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 2161 - (hide annotations) (download)
Tue Apr 30 12:25:46 2013 UTC (11 years, 6 months ago) by niro
File size: 1865 byte(s)
-linux-3.8.10
1 niro 2161 diff --git a/include/linux/capability.h b/include/linux/capability.h
2     index 98503b7..d9a4f7f4 100644
3     --- a/include/linux/capability.h
4     +++ b/include/linux/capability.h
5     @@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
6     #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
7    
8    
9     +struct file;
10     struct inode;
11     struct dentry;
12     struct user_namespace;
13     @@ -211,6 +212,7 @@ extern bool capable(int cap);
14     extern bool ns_capable(struct user_namespace *ns, int cap);
15     extern bool nsown_capable(int cap);
16     extern bool inode_capable(const struct inode *inode, int cap);
17     +extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
18    
19     /* audit system wants to get cap info from files as well */
20     extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
21     diff --git a/kernel/capability.c b/kernel/capability.c
22     index 493d972..f6c2ce5 100644
23     --- a/kernel/capability.c
24     +++ b/kernel/capability.c
25     @@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
26     EXPORT_SYMBOL(ns_capable);
27    
28     /**
29     + * file_ns_capable - Determine if the file's opener had a capability in effect
30     + * @file: The file we want to check
31     + * @ns: The usernamespace we want the capability in
32     + * @cap: The capability to be tested for
33     + *
34     + * Return true if task that opened the file had a capability in effect
35     + * when the file was opened.
36     + *
37     + * This does not set PF_SUPERPRIV because the caller may not
38     + * actually be privileged.
39     + */
40     +bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
41     +{
42     + if (WARN_ON_ONCE(!cap_valid(cap)))
43     + return false;
44     +
45     + if (security_capable(file->f_cred, ns, cap) == 0)
46     + return true;
47     +
48     + return false;
49     +}
50     +EXPORT_SYMBOL(file_ns_capable);
51     +
52     +/**
53     * capable - Determine if the current task has a superior capability in effect
54     * @cap: The capability to be tested for
55     *