Merge branch 'fix/pcm-jiffies-check' into fix/asoc

author: Takashi Iwai <tiwai@suse.de> 2009-05-04 10:00:16 -0400
committer: Takashi Iwai <tiwai@suse.de> 2009-05-04 10:00:16 -0400
commit: 3a20ac2c52b1317f5a5f0bd9cd3cbe8495ddd026 (patch)
tree: 9a912f2609cefb9698b5cce09cd240bd6dbd09fb /include/linux/capability.h
parent: 18cc8d8d9b74c446832336d8f6e1afb145f9431b (diff)
parent: 3e5b50165fd0be080044586f43fcdd460ed27610 (diff)
1 files changed, 24 insertions, 7 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 02bdb768d43b..c3021105edc0 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -69,10 +69,6 @@ typedef struct __user_cap_data_struct {
 #define VFS_CAP_U32             VFS_CAP_U32_2
 #define VFS_CAP_REVISION        VFS_CAP_REVISION_2
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
-extern int file_caps_enabled;
-#endif
 struct vfs_cap_data {
        __le32 magic_etc;            /* Little endian */
        struct {
@@ -96,6 +92,10 @@ struct vfs_cap_data {
 #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
 #define _KERNEL_CAPABILITY_U32S    _LINUX_CAPABILITY_U32S_3
+#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
+extern int file_caps_enabled;
+#endif
 typedef struct kernel_cap_struct {
        __u32 cap[_KERNEL_CAPABILITY_U32S];
 } kernel_cap_t;
@@ -377,7 +377,21 @@ struct cpu_vfs_cap_data {
 #define CAP_FOR_EACH_U32(__capi)  \
        for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
+/*
+ * CAP_FS_MASK and CAP_NFSD_MASKS:
+ *
+ * The fs mask is all the privileges that fsuid==0 historically meant.
+ * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
+ *
+ * It has never meant setting security.* and trusted.* xattrs.
+ *
+ * We could also define fsmask as follows:
+ *   1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
+ *   2. The security.* and trusted.* xattrs are fs-related MAC permissions
+ */
 # define CAP_FS_MASK_B0     (CAP_TO_MASK(CAP_CHOWN)             \
+                            | CAP_TO_MASK(CAP_MKNOD)            \
                            | CAP_TO_MASK(CAP_DAC_OVERRIDE)     \
                            | CAP_TO_MASK(CAP_DAC_READ_SEARCH)  \
                            | CAP_TO_MASK(CAP_FOWNER)           \
@@ -392,9 +406,12 @@ struct cpu_vfs_cap_data {
 # define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
 # define CAP_FULL_SET     ((kernel_cap_t){{ ~0, ~0 }})
 # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
-# define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } })
+# define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0 \
-# define CAP_NFSD_SET     ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
+                                    | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
-                                        CAP_FS_MASK_B1 } })
+                                    CAP_FS_MASK_B1 } })
+# define CAP_NFSD_SET     ((kernel_cap_t){{ CAP_FS_MASK_B0 \
+                                    | CAP_TO_MASK(CAP_SYS_RESOURCE), \
+                                    CAP_FS_MASK_B1 } })
 #endif /* _KERNEL_CAPABILITY_U32S != 2 */
author	Takashi Iwai <tiwai@suse.de>	2009-05-04 10:00:16 -0400
committer	Takashi Iwai <tiwai@suse.de>	2009-05-04 10:00:16 -0400
commit	3a20ac2c52b1317f5a5f0bd9cd3cbe8495ddd026 (patch)
tree	9a912f2609cefb9698b5cce09cd240bd6dbd09fb /include/linux/capability.h
parent	18cc8d8d9b74c446832336d8f6e1afb145f9431b (diff)
parent	3e5b50165fd0be080044586f43fcdd460ed27610 (diff)