diff options
| author | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
|---|---|---|
| committer | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
| commit | c71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch) | |
| tree | ecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /include/linux/capability.h | |
| parent | ea53c912f8a86a8567697115b6a0d8152beee5c8 (diff) | |
| parent | 6a00f206debf8a5c8899055726ad127dbeeed098 (diff) | |
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts:
litmus/sched_cedf.c
Diffstat (limited to 'include/linux/capability.h')
| -rw-r--r-- | include/linux/capability.h | 66 |
1 files changed, 27 insertions, 39 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index 90012b9ddbf3..c42112350003 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
| @@ -246,7 +246,6 @@ struct cpu_vfs_cap_data { | |||
| 246 | /* Allow configuration of the secure attention key */ | 246 | /* Allow configuration of the secure attention key */ |
| 247 | /* Allow administration of the random device */ | 247 | /* Allow administration of the random device */ |
| 248 | /* Allow examination and configuration of disk quotas */ | 248 | /* Allow examination and configuration of disk quotas */ |
| 249 | /* Allow configuring the kernel's syslog (printk behaviour) */ | ||
| 250 | /* Allow setting the domainname */ | 249 | /* Allow setting the domainname */ |
| 251 | /* Allow setting the hostname */ | 250 | /* Allow setting the hostname */ |
| 252 | /* Allow calling bdflush() */ | 251 | /* Allow calling bdflush() */ |
| @@ -352,7 +351,16 @@ struct cpu_vfs_cap_data { | |||
| 352 | 351 | ||
| 353 | #define CAP_MAC_ADMIN 33 | 352 | #define CAP_MAC_ADMIN 33 |
| 354 | 353 | ||
| 355 | #define CAP_LAST_CAP CAP_MAC_ADMIN | 354 | /* Allow configuring the kernel's syslog (printk behaviour) */ |
| 355 | |||
| 356 | #define CAP_SYSLOG 34 | ||
| 357 | |||
| 358 | /* Allow triggering something that will wake the system */ | ||
| 359 | |||
| 360 | #define CAP_WAKE_ALARM 35 | ||
| 361 | |||
| 362 | |||
| 363 | #define CAP_LAST_CAP CAP_WAKE_ALARM | ||
| 356 | 364 | ||
| 357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) | 365 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) |
| 358 | 366 | ||
| @@ -365,6 +373,15 @@ struct cpu_vfs_cap_data { | |||
| 365 | 373 | ||
| 366 | #ifdef __KERNEL__ | 374 | #ifdef __KERNEL__ |
| 367 | 375 | ||
| 376 | struct dentry; | ||
| 377 | struct user_namespace; | ||
| 378 | |||
| 379 | struct user_namespace *current_user_ns(void); | ||
| 380 | |||
| 381 | extern const kernel_cap_t __cap_empty_set; | ||
| 382 | extern const kernel_cap_t __cap_full_set; | ||
| 383 | extern const kernel_cap_t __cap_init_eff_set; | ||
| 384 | |||
| 368 | /* | 385 | /* |
| 369 | * Internal kernel functions only | 386 | * Internal kernel functions only |
| 370 | */ | 387 | */ |
| @@ -400,7 +417,6 @@ struct cpu_vfs_cap_data { | |||
| 400 | 417 | ||
| 401 | # define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }}) | 418 | # define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }}) |
| 402 | # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) | 419 | # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) |
| 403 | # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}) | ||
| 404 | # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ | 420 | # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ |
| 405 | | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \ | 421 | | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \ |
| 406 | CAP_FS_MASK_B1 } }) | 422 | CAP_FS_MASK_B1 } }) |
| @@ -410,11 +426,7 @@ struct cpu_vfs_cap_data { | |||
| 410 | 426 | ||
| 411 | #endif /* _KERNEL_CAPABILITY_U32S != 2 */ | 427 | #endif /* _KERNEL_CAPABILITY_U32S != 2 */ |
| 412 | 428 | ||
| 413 | #define CAP_INIT_INH_SET CAP_EMPTY_SET | ||
| 414 | |||
| 415 | # define cap_clear(c) do { (c) = __cap_empty_set; } while (0) | 429 | # define cap_clear(c) do { (c) = __cap_empty_set; } while (0) |
| 416 | # define cap_set_full(c) do { (c) = __cap_full_set; } while (0) | ||
| 417 | # define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0) | ||
| 418 | 430 | ||
| 419 | #define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag)) | 431 | #define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag)) |
| 420 | #define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag)) | 432 | #define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag)) |
| @@ -527,40 +539,16 @@ static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a, | |||
| 527 | cap_intersect(permitted, __cap_nfsd_set)); | 539 | cap_intersect(permitted, __cap_nfsd_set)); |
| 528 | } | 540 | } |
| 529 | 541 | ||
| 530 | extern const kernel_cap_t __cap_empty_set; | 542 | extern bool has_capability(struct task_struct *t, int cap); |
| 531 | extern const kernel_cap_t __cap_full_set; | 543 | extern bool has_ns_capability(struct task_struct *t, |
| 532 | extern const kernel_cap_t __cap_init_eff_set; | 544 | struct user_namespace *ns, int cap); |
| 533 | 545 | extern bool has_capability_noaudit(struct task_struct *t, int cap); | |
| 534 | /** | 546 | extern bool capable(int cap); |
| 535 | * has_capability - Determine if a task has a superior capability available | 547 | extern bool ns_capable(struct user_namespace *ns, int cap); |
| 536 | * @t: The task in question | 548 | extern bool task_ns_capable(struct task_struct *t, int cap); |
| 537 | * @cap: The capability to be tested for | 549 | extern bool nsown_capable(int cap); |
| 538 | * | ||
| 539 | * Return true if the specified task has the given superior capability | ||
| 540 | * currently in effect, false if not. | ||
| 541 | * | ||
| 542 | * Note that this does not set PF_SUPERPRIV on the task. | ||
| 543 | */ | ||
| 544 | #define has_capability(t, cap) (security_real_capable((t), (cap)) == 0) | ||
| 545 | |||
| 546 | /** | ||
| 547 | * has_capability_noaudit - Determine if a task has a superior capability available (unaudited) | ||
| 548 | * @t: The task in question | ||
| 549 | * @cap: The capability to be tested for | ||
| 550 | * | ||
| 551 | * Return true if the specified task has the given superior capability | ||
| 552 | * currently in effect, false if not, but don't write an audit message for the | ||
| 553 | * check. | ||
| 554 | * | ||
| 555 | * Note that this does not set PF_SUPERPRIV on the task. | ||
| 556 | */ | ||
| 557 | #define has_capability_noaudit(t, cap) \ | ||
| 558 | (security_real_capable_noaudit((t), (cap)) == 0) | ||
| 559 | |||
| 560 | extern int capable(int cap); | ||
| 561 | 550 | ||
| 562 | /* audit system wants to get cap info from files as well */ | 551 | /* audit system wants to get cap info from files as well */ |
| 563 | struct dentry; | ||
| 564 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); | 552 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); |
| 565 | 553 | ||
| 566 | #endif /* __KERNEL__ */ | 554 | #endif /* __KERNEL__ */ |