aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-01-03 12:25:15 -0500
committerEric Paris <eparis@redhat.com>2012-01-05 18:52:59 -0500
commitf1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb (patch)
tree59d729bb7806e42a13f0ec1657c90b717c314002
parentd2a7009f0bb03fa22ad08dd25472efa0568126b9 (diff)
capabilities: remove task_ns_* functions
task_ in the front of a function, in the security subsystem anyway, means to me at least, that we are operating with that task as the subject of the security decision. In this case what it means is that we are using current as the subject but we use the task to get the right namespace. Who in the world would ever realize that's what task_ns_capability means just by the name? This patch eliminates the task_ns functions entirely and uses the has_ns_capability function instead. This means we explicitly open code the ns in question in the caller. I think it makes the caller a LOT more clear what is going on. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Diffstat
-rw-r--r--include/linux/capability.h1
-rw-r--r--include/linux/cred.h6
-rw-r--r--kernel/capability.c14
-rw-r--r--kernel/ptrace.c4
-rw-r--r--kernel/sched.c2
5 files changed, 7 insertions, 20 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 63f59fa8769d..e3e8d9cb9b08 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -547,7 +547,6 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
547 struct user_namespace *ns, int cap); 547 struct user_namespace *ns, int cap);
548extern bool capable(int cap); 548extern bool capable(int cap);
549extern bool ns_capable(struct user_namespace *ns, int cap); 549extern bool ns_capable(struct user_namespace *ns, int cap);
550extern bool task_ns_capable(struct task_struct *t, int cap);
551extern bool nsown_capable(int cap); 550extern bool nsown_capable(int cap);
552 551
553/* audit system wants to get cap info from files as well */ 552/* audit system wants to get cap info from files as well */
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 40308969ed00..adadf71a7327 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -358,10 +358,12 @@ static inline void put_cred(const struct cred *_cred)
358#define current_security() (current_cred_xxx(security)) 358#define current_security() (current_cred_xxx(security))
359 359
360#ifdef CONFIG_USER_NS 360#ifdef CONFIG_USER_NS
361#define current_user_ns() (current_cred_xxx(user_ns)) 361#define current_user_ns() (current_cred_xxx(user_ns))
362#define task_user_ns(task) (task_cred_xxx((task), user_ns))
362#else 363#else
363extern struct user_namespace init_user_ns; 364extern struct user_namespace init_user_ns;
364#define current_user_ns() (&init_user_ns) 365#define current_user_ns() (&init_user_ns)
366#define task_user_ns(task) (&init_user_ns)
365#endif 367#endif
366 368
367 369
diff --git a/kernel/capability.c b/kernel/capability.c
index 47626446c39a..74fb3b603045 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -409,20 +409,6 @@ bool capable(int cap)
409EXPORT_SYMBOL(capable); 409EXPORT_SYMBOL(capable);
410 410
411/** 411/**
412 * task_ns_capable - Determine whether current task has a superior
413 * capability targeted at a specific task's user namespace.
414 * @t: The task whose user namespace is targeted.
415 * @cap: The capability in question.
416 *
417 * Return true if it does, false otherwise.
418 */
419bool task_ns_capable(struct task_struct *t, int cap)
420{
421 return ns_capable(task_cred_xxx(t, user)->user_ns, cap);
422}
423EXPORT_SYMBOL(task_ns_capable);
424
425/**
426 * nsown_capable - Check superior capability to one's own user_ns 412 * nsown_capable - Check superior capability to one's own user_ns
427 * @cap: The capability in question 413 * @cap: The capability in question
428 * 414 *
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index a70d2a5d8c7b..210bbf045ee9 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -196,7 +196,7 @@ ok:
196 smp_rmb(); 196 smp_rmb();
197 if (task->mm) 197 if (task->mm)
198 dumpable = get_dumpable(task->mm); 198 dumpable = get_dumpable(task->mm);
199 if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE)) 199 if (!dumpable && !ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
200 return -EPERM; 200 return -EPERM;
201 201
202 return security_ptrace_access_check(task, mode); 202 return security_ptrace_access_check(task, mode);
@@ -266,7 +266,7 @@ static int ptrace_attach(struct task_struct *task, long request,
266 task->ptrace = PT_PTRACED; 266 task->ptrace = PT_PTRACED;
267 if (seize) 267 if (seize)
268 task->ptrace |= PT_SEIZED; 268 task->ptrace |= PT_SEIZED;
269 if (task_ns_capable(task, CAP_SYS_PTRACE)) 269 if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
270 task->ptrace |= PT_PTRACE_CAP; 270 task->ptrace |= PT_PTRACE_CAP;
271 271
272 __ptrace_link(task, current); 272 __ptrace_link(task, current);
diff --git a/kernel/sched.c b/kernel/sched.c
index b50b0f0c9aa9..5670028a9c16 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -5409,7 +5409,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
5409 goto out_free_cpus_allowed; 5409 goto out_free_cpus_allowed;
5410 } 5410 }
5411 retval = -EPERM; 5411 retval = -EPERM;
5412 if (!check_same_owner(p) && !task_ns_capable(p, CAP_SYS_NICE)) 5412 if (!check_same_owner(p) && !ns_capable(task_user_ns(p), CAP_SYS_NICE))
5413 goto out_unlock; 5413 goto out_unlock;
5414 5414
5415 retval = security_task_setscheduler(p); 5415 retval = security_task_setscheduler(p);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-12 13:31:21 -0500