aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Ballard <dan@mindstab.net>2011-10-31 20:11:20 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2011-10-31 20:30:53 -0400
commit73efc0394e148d0e15583e13712637831f926720 (patch)
tree896c58a85f520bcccae4f16647cfb0f1ecd2c08e
parent4ff819515b203f937cc6c8a0215a37a68d1ee71f (diff)
kernel/sysctl.c: add cap_last_cap to /proc/sys/kernel
Userspace needs to know the highest valid capability of the running kernel, which right now cannot reliably be retrieved from the header files only. The fact that this value cannot be determined properly right now creates various problems for libraries compiled on newer header files which are run on older kernels. They assume capabilities are available which actually aren't. libcap-ng is one example. And we ran into the same problem with systemd too. Now the capability is exported in /proc/sys/kernel/cap_last_cap. [akpm@linux-foundation.org: make cap_last_cap const, per Ulrich] Signed-off-by: Dan Ballard <dan@mindstab.net> Cc: Randy Dunlap <rdunlap@xenotime.net> Cc: Ingo Molnar <mingo@elte.hu> Cc: Lennart Poettering <lennart@poettering.net> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Ulrich Drepper <drepper@akkadia.org> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--Documentation/sysctl/kernel.txt8
-rw-r--r--kernel/sysctl.c9
2 files changed, 17 insertions, 0 deletions
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 704e474a93df..1f2463671a1a 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -24,6 +24,7 @@ show up in /proc/sys/kernel:
24- bootloader_type [ X86 only ] 24- bootloader_type [ X86 only ]
25- bootloader_version [ X86 only ] 25- bootloader_version [ X86 only ]
26- callhome [ S390 only ] 26- callhome [ S390 only ]
27- cap_last_cap
27- core_pattern 28- core_pattern
28- core_pipe_limit 29- core_pipe_limit
29- core_uses_pid 30- core_uses_pid
@@ -155,6 +156,13 @@ on has a service contract with IBM.
155 156
156============================================================== 157==============================================================
157 158
159cap_last_cap
160
161Highest valid capability of the running kernel. Exports
162CAP_LAST_CAP from the kernel.
163
164==============================================================
165
158core_pattern: 166core_pattern:
159 167
160core_pattern is used to specify a core dumpfile pattern name. 168core_pattern is used to specify a core dumpfile pattern name.
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 2d2ecdcc8cdb..c49d66658ec0 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -57,6 +57,7 @@
57#include <linux/pipe_fs_i.h> 57#include <linux/pipe_fs_i.h>
58#include <linux/oom.h> 58#include <linux/oom.h>
59#include <linux/kmod.h> 59#include <linux/kmod.h>
60#include <linux/capability.h>
60 61
61#include <asm/uaccess.h> 62#include <asm/uaccess.h>
62#include <asm/processor.h> 63#include <asm/processor.h>
@@ -134,6 +135,7 @@ static int minolduid;
134static int min_percpu_pagelist_fract = 8; 135static int min_percpu_pagelist_fract = 8;
135 136
136static int ngroups_max = NGROUPS_MAX; 137static int ngroups_max = NGROUPS_MAX;
138static const int cap_last_cap = CAP_LAST_CAP;
137 139
138#ifdef CONFIG_INOTIFY_USER 140#ifdef CONFIG_INOTIFY_USER
139#include <linux/inotify.h> 141#include <linux/inotify.h>
@@ -740,6 +742,13 @@ static struct ctl_table kern_table[] = {
740 .mode = 0444, 742 .mode = 0444,
741 .proc_handler = proc_dointvec, 743 .proc_handler = proc_dointvec,
742 }, 744 },
745 {
746 .procname = "cap_last_cap",
747 .data = (void *)&cap_last_cap,
748 .maxlen = sizeof(int),
749 .mode = 0444,
750 .proc_handler = proc_dointvec,
751 },
743#if defined(CONFIG_LOCKUP_DETECTOR) 752#if defined(CONFIG_LOCKUP_DETECTOR)
744 { 753 {
745 .procname = "watchdog", 754 .procname = "watchdog",