diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
| commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
| tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /fs/open.c | |
| parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) | |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/open.c')
| -rw-r--r-- | fs/open.c | 17 |
1 files changed, 9 insertions, 8 deletions
| @@ -425,6 +425,7 @@ out: | |||
| 425 | */ | 425 | */ |
| 426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | 426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) |
| 427 | { | 427 | { |
| 428 | struct cred *cred = current->cred; | ||
| 428 | struct path path; | 429 | struct path path; |
| 429 | struct inode *inode; | 430 | struct inode *inode; |
| 430 | int old_fsuid, old_fsgid; | 431 | int old_fsuid, old_fsgid; |
| @@ -434,18 +435,18 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
| 434 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ | 435 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ |
| 435 | return -EINVAL; | 436 | return -EINVAL; |
| 436 | 437 | ||
| 437 | old_fsuid = current->fsuid; | 438 | old_fsuid = cred->fsuid; |
| 438 | old_fsgid = current->fsgid; | 439 | old_fsgid = cred->fsgid; |
| 439 | 440 | ||
| 440 | current->fsuid = current->uid; | 441 | cred->fsuid = cred->uid; |
| 441 | current->fsgid = current->gid; | 442 | cred->fsgid = cred->gid; |
| 442 | 443 | ||
| 443 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { | 444 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
| 444 | /* Clear the capabilities if we switch to a non-root user */ | 445 | /* Clear the capabilities if we switch to a non-root user */ |
| 445 | if (current->uid) | 446 | if (current->cred->uid) |
| 446 | old_cap = cap_set_effective(__cap_empty_set); | 447 | old_cap = cap_set_effective(__cap_empty_set); |
| 447 | else | 448 | else |
| 448 | old_cap = cap_set_effective(current->cap_permitted); | 449 | old_cap = cap_set_effective(cred->cap_permitted); |
| 449 | } | 450 | } |
| 450 | 451 | ||
| 451 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); | 452 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); |
| @@ -484,8 +485,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
| 484 | out_path_release: | 485 | out_path_release: |
| 485 | path_put(&path); | 486 | path_put(&path); |
| 486 | out: | 487 | out: |
| 487 | current->fsuid = old_fsuid; | 488 | cred->fsuid = old_fsuid; |
| 488 | current->fsgid = old_fsgid; | 489 | cred->fsgid = old_fsgid; |
| 489 | 490 | ||
| 490 | if (!issecure(SECURE_NO_SETUID_FIXUP)) | 491 | if (!issecure(SECURE_NO_SETUID_FIXUP)) |
| 491 | cap_set_effective(old_cap); | 492 | cap_set_effective(old_cap); |