diff options
| author | Ondrej Mosnáček <omosnace@redhat.com> | 2018-06-26 07:04:42 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2018-06-28 11:02:44 -0400 |
| commit | 4b09791ba059cc5a5ec7d69049f5d05da65b6418 (patch) | |
| tree | 2744e9479fc37926fe3b755aa08a678efea0a1b3 /include/linux/cred.h | |
| parent | f7859590d97614815b35a755c8213dfb8f2766bd (diff) | |
cred: conditionally declare groups-related functions
The groups-related functions declared in include/linux/cred.h are
defined in kernel/groups.c, which is compiled only when
CONFIG_MULTIUSER=y. Move all these function declarations under #ifdef
CONFIG_MULTIUSER to help avoid accidental usage in contexts where
CONFIG_MULTIUSER might be disabled.
This patch also adds a fallback for groups_search(). Currently this
function is only called from kernel/groups.c itself and
security/keys/permissions.c, where the call is (by coincidence)
optimized away in case CONFIG_MULTIUSER=n. However, the audit subsystem
(which does not depend on CONFIG_MULTIUSER) calls this function in
-next, so the fallback will be needed to avoid compilation errors or
ugly workarounds.
See also:
https://lkml.org/lkml/2018/6/20/670
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git/commit/?h=next&id=af85d1772e31fed34165a1b3decef340cf4080c0
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/linux/cred.h')
| -rw-r--r-- | include/linux/cred.h | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h index 631286535d0f..7eed6101c791 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
| @@ -65,6 +65,12 @@ extern void groups_free(struct group_info *); | |||
| 65 | 65 | ||
| 66 | extern int in_group_p(kgid_t); | 66 | extern int in_group_p(kgid_t); |
| 67 | extern int in_egroup_p(kgid_t); | 67 | extern int in_egroup_p(kgid_t); |
| 68 | extern int groups_search(const struct group_info *, kgid_t); | ||
| 69 | |||
| 70 | extern int set_current_groups(struct group_info *); | ||
| 71 | extern void set_groups(struct cred *, struct group_info *); | ||
| 72 | extern bool may_setgroups(void); | ||
| 73 | extern void groups_sort(struct group_info *); | ||
| 68 | #else | 74 | #else |
| 69 | static inline void groups_free(struct group_info *group_info) | 75 | static inline void groups_free(struct group_info *group_info) |
| 70 | { | 76 | { |
| @@ -78,12 +84,11 @@ static inline int in_egroup_p(kgid_t grp) | |||
| 78 | { | 84 | { |
| 79 | return 1; | 85 | return 1; |
| 80 | } | 86 | } |
| 87 | static inline int groups_search(const struct group_info *group_info, kgid_t grp) | ||
| 88 | { | ||
| 89 | return 1; | ||
| 90 | } | ||
| 81 | #endif | 91 | #endif |
| 82 | extern int set_current_groups(struct group_info *); | ||
| 83 | extern void set_groups(struct cred *, struct group_info *); | ||
| 84 | extern int groups_search(const struct group_info *, kgid_t); | ||
| 85 | extern bool may_setgroups(void); | ||
| 86 | extern void groups_sort(struct group_info *); | ||
| 87 | 92 | ||
| 88 | /* | 93 | /* |
| 89 | * The security context of a task | 94 | * The security context of a task |