author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /fs/proc | |
parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/proc')
-rw-r--r-- | fs/proc/array.c | 18 | ||||
-rw-r--r-- | fs/proc/base.c | 16 |
2 files changed, 18 insertions, 16 deletions
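--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -182,8 +182,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
 task_tgid_nr_ns(p, ns),
 pid_nr_ns(pid, ns),
 ppid, tpid,
-p->uid, p->euid, p->suid, p->fsuid,
-p->gid, p->egid, p->sgid, p->fsgid);
+p->cred->uid, p->cred->euid, p->cred->suid, p->cred->fsuid,
+p->cred->gid, p->cred->egid, p->cred->sgid, p->cred->fsgid);
 
 task_lock(p);
 if (p->files)
@@ -194,7 +194,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
 fdt ? fdt->max_fds : 0);
 rcu_read_unlock();
 
-group_info = p->group_info;
+group_info = p->cred->group_info;
 get_group_info(group_info);
 task_unlock(p);
 
@@ -262,7 +262,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p)
 blocked = p->blocked;
 collect_sigign_sigcatch(p, &ignored, &caught);
 num_threads = atomic_read(&p->signal->count);
-qsize = atomic_read(&p->user->sigpending);
+qsize = atomic_read(&p->cred->user->sigpending);
 qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur;
 unlock_task_sighand(p, &flags);
 }
@@ -293,10 +293,12 @@ static void render_cap_t(struct seq_file *m, const char *header,
 
 static inline void task_cap(struct seq_file *m, struct task_struct *p)
 {
-render_cap_t(m, "CapInh:\t", &p->cap_inheritable);
-render_cap_t(m, "CapPrm:\t", &p->cap_permitted);
-render_cap_t(m, "CapEff:\t", &p->cap_effective);
-render_cap_t(m, "CapBnd:\t", &p->cap_bset);
+struct cred *cred = p->cred;
+
+render_cap_t(m, "CapInh:\t", &cred->cap_inheritable);
+render_cap_t(m, "CapPrm:\t", &cred->cap_permitted);
+render_cap_t(m, "CapEff:\t", &cred->cap_effective);
+render_cap_t(m, "CapBnd:\t", &cred->cap_bset);
 }
 
 static inline void task_context_switch_counts(struct seq_file *m,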
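Review bot: In task_state the eight IDs are now fetched through eight separate `p->cred` dereferences in the seq_printf() argument list, whereas task_cap in the same file takes the pointer once into a local. While the credentials are embedded in task_struct this is equivalent, but if `p->cred` later becomes a replaceable pointer the status output could mix UIDs and GIDs from two different credential sets, and nothing visible in the hunk pins the pointer for the duration of the read. I would take one snapshot, `const struct cred *cred = p->cred;`, print `cred->uid, cred->euid, ...` from it, and add a comment such as `/* cred is embedded in task_struct for now; needs RCU or a reference once it is allocated separately */`. The body of task_state starts and ends outside the hunk, so any locking taken earlier in it is not visible here.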
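--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1428,8 +1428,8 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
 inode->i_uid = 0;
 inode->i_gid = 0;
 if (task_dumpable(task)) {
-inode->i_uid = task->euid;
-inode->i_gid = task->egid;
+inode->i_uid = task->cred->euid;
+inode->i_gid = task->cred->egid;
 }
 security_task_to_inode(task, inode);
 
@@ -1454,8 +1454,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
 if (task) {
 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
 task_dumpable(task)) {
-stat->uid = task->euid;
-stat->gid = task->egid;
+stat->uid = task->cred->euid;
+stat->gid = task->cred->egid;
 }
 }
 rcu_read_unlock();
@@ -1486,8 +1486,8 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 if (task) {
 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
 task_dumpable(task)) {
-inode->i_uid = task->euid;
-inode->i_gid = task->egid;
+inode->i_uid = task->cred->euid;
+inode->i_gid = task->cred->egid;
 } else {
 inode->i_uid = 0;
 inode->i_gid = 0;
@@ -1658,8 +1658,8 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
 rcu_read_unlock();
 put_files_struct(files);
 if (task_dumpable(task)) {
-inode->i_uid = task->euid;
-inode->i_gid = task->egid;
+inode->i_uid = task->cred->euid;
+inode->i_gid = task->cred->egid;
 } else {
 inode->i_uid = 0;
 inode->i_gid = 0;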
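Review bot: In tid_fd_revalidate the new `task->cred->euid` / `task->cred->egid` reads sit after the `rcu_read_unlock()` shown at the top of the hunk, so the ownership written to the /proc inode is taken from another task's credentials with no visible protection around the pointer. That is harmless while the cred structure is embedded in task_struct, as the commit message states, but these values decide who may open the process's /proc entries, so the lifetime rule should be written down where the pointer is followed. A comment such as `/* task->cred is embedded in task_struct for now; take rcu_read_lock() or a reference here once it is allocated separately */` would do, and the same applies to the identical pairs in proc_pid_make_inode, pid_getattr and pid_revalidate. All four functions begin and end outside their hunks, so locking taken elsewhere in them cannot be confirmed from this page.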