diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:26 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:26 -0500 |
| commit | 3b11a1decef07c19443d24ae926982bc8ec9f4c0 (patch) | |
| tree | b6555f0e5b07f4b2badd332a0a900b974920c49d /fs/nfsd/auth.c | |
| parent | 98870ab0a5a3f1822aee681d2997017e1c87d026 (diff) | |
CRED: Differentiate objective and effective subjective credentials on a task
Differentiate the objective and real subjective credentials from the effective
subjective credentials on a task by introducing a second credentials pointer
into the task_struct.
task_struct::real_cred then refers to the objective and apparent real
subjective credentials of a task, as perceived by the other tasks in the
system.
task_struct::cred then refers to the effective subjective credentials of a
task, as used by that task when it's actually running. These are not visible
to the other tasks in the system.
__task_cred(task) then refers to the objective/real credentials of the task in
question.
current_cred() refers to the effective subjective credentials of the current
task.
prepare_creds() uses the objective creds as a base and commit_creds() changes
both pointers in the task_struct (indeed commit_creds() requires them to be the
same).
override_creds() and revert_creds() change the subjective creds pointer only,
and the former returns the old subjective creds. These are used by NFSD,
faccessat() and do_coredump(), and will by used by CacheFiles.
In SELinux, current_has_perm() is provided as an alternative to
task_has_perm(). This uses the effective subjective context of current,
whereas task_has_perm() uses the objective/real context of the subject.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/nfsd/auth.c')
| -rw-r--r-- | fs/nfsd/auth.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 836ffa1047d9..0184fe9b514c 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c | |||
| @@ -34,6 +34,8 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | |||
| 34 | int flags = nfsexp_flags(rqstp, exp); | 34 | int flags = nfsexp_flags(rqstp, exp); |
| 35 | int ret; | 35 | int ret; |
| 36 | 36 | ||
| 37 | /* discard any old override before preparing the new set */ | ||
| 38 | revert_creds(get_cred(current->real_cred)); | ||
| 37 | new = prepare_creds(); | 39 | new = prepare_creds(); |
| 38 | if (!new) | 40 | if (!new) |
| 39 | return -ENOMEM; | 41 | return -ENOMEM; |
| @@ -82,7 +84,8 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | |||
| 82 | else | 84 | else |
| 83 | new->cap_effective = cap_raise_nfsd_set(new->cap_effective, | 85 | new->cap_effective = cap_raise_nfsd_set(new->cap_effective, |
| 84 | new->cap_permitted); | 86 | new->cap_permitted); |
| 85 | return commit_creds(new); | 87 | put_cred(override_creds(new)); |
| 88 | return 0; | ||
| 86 | 89 | ||
| 87 | oom: | 90 | oom: |
| 88 | ret = -ENOMEM; | 91 | ret = -ENOMEM; |