diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-28 14:43:54 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-28 14:43:54 -0500 |
| commit | bb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch) | |
| tree | c7867af2bb4ff0feae889183efcd4d79b0f9a325 /include/linux/init_task.h | |
| parent | e14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff) | |
| parent | cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits)
SELinux: don't check permissions for kernel mounts
security: pass mount flags to security_sb_kern_mount()
SELinux: correctly detect proc filesystems of the form "proc/foo"
Audit: Log TIOCSTI
user namespaces: document CFS behavior
user namespaces: require cap_set{ug}id for CLONE_NEWUSER
user namespaces: let user_ns be cloned with fairsched
CRED: fix sparse warnings
User namespaces: use the current_user_ns() macro
User namespaces: set of cleanups (v2)
nfsctl: add headers for credentials
coda: fix creds reference
capabilities: define get_vfs_caps_from_disk when file caps are not enabled
CRED: Allow kernel services to override LSM settings for task actions
CRED: Add a kernel_service object class to SELinux
CRED: Differentiate objective and effective subjective credentials on a task
CRED: Documentation
CRED: Use creds in file structs
CRED: Prettify commoncap.c
CRED: Make execve() take advantage of copy-on-write credentials
...
Diffstat (limited to 'include/linux/init_task.h')
| -rw-r--r-- | include/linux/init_task.h | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 23fd8909b9e5..959f5522d10a 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
| @@ -57,7 +57,6 @@ extern struct nsproxy init_nsproxy; | |||
| 57 | .mnt_ns = NULL, \ | 57 | .mnt_ns = NULL, \ |
| 58 | INIT_NET_NS(net_ns) \ | 58 | INIT_NET_NS(net_ns) \ |
| 59 | INIT_IPC_NS(ipc_ns) \ | 59 | INIT_IPC_NS(ipc_ns) \ |
| 60 | .user_ns = &init_user_ns, \ | ||
| 61 | } | 60 | } |
| 62 | 61 | ||
| 63 | #define INIT_SIGHAND(sighand) { \ | 62 | #define INIT_SIGHAND(sighand) { \ |
| @@ -113,6 +112,8 @@ extern struct group_info init_groups; | |||
| 113 | # define CAP_INIT_BSET CAP_INIT_EFF_SET | 112 | # define CAP_INIT_BSET CAP_INIT_EFF_SET |
| 114 | #endif | 113 | #endif |
| 115 | 114 | ||
| 115 | extern struct cred init_cred; | ||
| 116 | |||
| 116 | /* | 117 | /* |
| 117 | * INIT_TASK is used to set up the first task table, touch at | 118 | * INIT_TASK is used to set up the first task table, touch at |
| 118 | * your own risk!. Base=0, limit=0x1fffff (=2MB) | 119 | * your own risk!. Base=0, limit=0x1fffff (=2MB) |
| @@ -147,13 +148,10 @@ extern struct group_info init_groups; | |||
| 147 | .children = LIST_HEAD_INIT(tsk.children), \ | 148 | .children = LIST_HEAD_INIT(tsk.children), \ |
| 148 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ | 149 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ |
| 149 | .group_leader = &tsk, \ | 150 | .group_leader = &tsk, \ |
| 150 | .group_info = &init_groups, \ | 151 | .real_cred = &init_cred, \ |
| 151 | .cap_effective = CAP_INIT_EFF_SET, \ | 152 | .cred = &init_cred, \ |
| 152 | .cap_inheritable = CAP_INIT_INH_SET, \ | 153 | .cred_exec_mutex = \ |
| 153 | .cap_permitted = CAP_FULL_SET, \ | 154 | __MUTEX_INITIALIZER(tsk.cred_exec_mutex), \ |
| 154 | .cap_bset = CAP_INIT_BSET, \ | ||
| 155 | .securebits = SECUREBITS_DEFAULT, \ | ||
| 156 | .user = INIT_USER, \ | ||
| 157 | .comm = "swapper", \ | 155 | .comm = "swapper", \ |
| 158 | .thread = INIT_THREAD, \ | 156 | .thread = INIT_THREAD, \ |
| 159 | .fs = &init_fs, \ | 157 | .fs = &init_fs, \ |