authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:16 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:16 -0500
commitb6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch)
tree9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /fs/proc
parent15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff)
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in entry.S via asm-offsets. With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/array.c18
-rw-r--r--fs/proc/base.c16
2 files changed, 18 insertions, 16 deletions
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 6af7fba7abb1..62fe9b2009b6 100644
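--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -182,8 +182,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
  task_tgid_nr_ns(p, ns),
  pid_nr_ns(pid, ns),
  ppid, tpid,
- p->uid, p->euid, p->suid, p->fsuid,
- p->gid, p->egid, p->sgid, p->fsgid);
+ p->cred->uid, p->cred->euid, p->cred->suid, p->cred->fsuid,
+ p->cred->gid, p->cred->egid, p->cred->sgid, p->cred->fsgid);
 
  task_lock(p);
  if (p->files)
@@ -194,7 +194,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
  fdt ? fdt->max_fds : 0);
  rcu_read_unlock();
 
- group_info = p->group_info;
+ group_info = p->cred->group_info;
  get_group_info(group_info);
  task_unlock(p);
 
@@ -262,7 +262,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p)
  blocked = p->blocked;
  collect_sigign_sigcatch(p, &ignored, &caught);
  num_threads = atomic_read(&p->signal->count);
- qsize = atomic_read(&p->user->sigpending);
+ qsize = atomic_read(&p->cred->user->sigpending);
  qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur;
  unlock_task_sighand(p, &flags);
  }
@@ -293,10 +293,12 @@ static void render_cap_t(struct seq_file *m, const char *header,
 
 static inline void task_cap(struct seq_file *m, struct task_struct *p)
 {
- render_cap_t(m, "CapInh:\t", &p->cap_inheritable);
- render_cap_t(m, "CapPrm:\t", &p->cap_permitted);
- render_cap_t(m, "CapEff:\t", &p->cap_effective);
- render_cap_t(m, "CapBnd:\t", &p->cap_bset);
+ struct cred *cred = p->cred;
+
+ render_cap_t(m, "CapInh:\t", &cred->cap_inheritable);
+ render_cap_t(m, "CapPrm:\t", &cred->cap_permitted);
+ render_cap_t(m, "CapEff:\t", &cred->cap_effective);
+ render_cap_t(m, "CapBnd:\t", &cred->cap_bset);
 }
 
 static inline void task_context_switch_counts(struct seq_file *m,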
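Review bot: task_state loads `p->cred` eight separate times on new lines 185-186, before the `task_lock(p)` two lines further down, while task_cap in the same file takes the pointer once into a local. With the credentials still embedded in task_struct, as the description says, every load yields the same object, but if the pointer can later be swapped, the uid and gid fields printed in one status line could come from two different credential sets. I would load it once, `const struct cred *cred = p->cred;`, and pass `cred->uid, cred->euid, cred->suid, cred->fsuid,` and the matching gid line, with a comment naming what keeps the pointer stable there. task_state begins and ends outside the hunk, so where the declaration belongs cannot be seen from here.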
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 486cf3fe7139..6862b360c36c 100644
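--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1428,8 +1428,8 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
  inode->i_uid = 0;
  inode->i_gid = 0;
  if (task_dumpable(task)) {
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
+ inode->i_uid = task->cred->euid;
+ inode->i_gid = task->cred->egid;
  }
  security_task_to_inode(task, inode);
 
@@ -1454,8 +1454,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
  if (task) {
  if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
  task_dumpable(task)) {
- stat->uid = task->euid;
- stat->gid = task->egid;
+ stat->uid = task->cred->euid;
+ stat->gid = task->cred->egid;
  }
  }
  rcu_read_unlock();
@@ -1486,8 +1486,8 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
  if (task) {
  if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
  task_dumpable(task)) {
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
+ inode->i_uid = task->cred->euid;
+ inode->i_gid = task->cred->egid;
  } else {
  inode->i_uid = 0;
  inode->i_gid = 0;
@@ -1658,8 +1658,8 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
  rcu_read_unlock();
  put_files_struct(files);
  if (task_dumpable(task)) {
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
+ inode->i_uid = task->cred->euid;
+ inode->i_gid = task->cred->egid;
  } else {
  inode->i_uid = 0;
  inode->i_gid = 0;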
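Review bot: The four `task->cred->euid` / `task->cred->egid` reads sit in different locking contexts and none is commented: in pid_getattr they come before `rcu_read_unlock()`, in tid_fd_revalidate (new lines 1661-1662) after it. These values become the owner of the /proc inode, so they gate who may open the entry, and the assumption that makes an unprotected read safe should be written down. I would add above each pair something like `/* cred is embedded in *task for now; needs RCU or a cred ref once it is separately allocated */`, hedged to whatever the series actually guarantees. All four functions start and end outside their hunks, so the task reference that presumably pins `task` is not visible here.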