Annotation of /trunk/kernel-magellan/patches-3.8/0109-3.8.10-all-fixes.patch
Revision 2161 -
Tue Apr 30 12:25:46 2013 UTC (11 years, 6 months ago) by niro
File size: 1865 byte(s)
-linux-3.8.10
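--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
 #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
 
 
+struct file;
 struct inode;
 struct dentry;
 struct user_namespace;
@@ -211,6 +212,7 @@ extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
 extern bool nsown_capable(int cap);
 extern bool inode_capable(const struct inode *inode, int cap);
+extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
 
 /* audit system wants to get cap info from files as well */
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);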
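--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
 EXPORT_SYMBOL(ns_capable);
 
 /**
+ * file_ns_capable - Determine if the file's opener had a capability in effect
+ * @file: The file we want to check
+ * @ns: The usernamespace we want the capability in
+ * @cap: The capability to be tested for
+ *
+ * Return true if task that opened the file had a capability in effect
+ * when the file was opened.
+ *
+ * This does not set PF_SUPERPRIV because the caller may not
+ * actually be privileged.
+ */
+bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
+{
+ if (WARN_ON_ONCE(!cap_valid(cap)))
+ return false;
+
+ if (security_capable(file->f_cred, ns, cap) == 0)
+ return true;
+
+ return false;
+}
+EXPORT_SYMBOL(file_ns_capable);
+
+/**
 * capable - Determine if the current task has a superior capability in effect
 * @cap: The capability to be tested for
 *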
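Review bot: The kernel-doc for file_ns_capable() does not tell callers that the check consults only the opener's credentials in `file->f_cred` and never looks at the task making the call. A handler that relies on it alone would authorize any task holding a descriptor opened by a privileged task, so the comment should say that the two checks are complementary. I would add a line such as ` * Only file->f_cred (captured at open time) is checked; callers that must also authorize the current task need a separate ns_capable() check.` The comment could also note that @file must be non-NULL, since it is dereferenced without a test. The trailing context of this hunk is the start of capable()'s comment, which continues outside the hunk.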