author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /include/linux/sched.h | |
parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/sched.h')
-rw-r--r-- | include/linux/sched.h | 52 |
1 files changed, 4 insertions, 48 deletions
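--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -660,6 +660,7 @@ extern struct user_struct *find_user(uid_t);
 extern struct user_struct root_user;
 #define INIT_USER (&root_user)
 
+
 struct backing_dev_info;
 struct reclaim_state;
 
@@ -883,38 +884,7 @@ partition_sched_domains(int ndoms_new, cpumask_t *doms_new,
 #endif /* !CONFIG_SMP */
 
 struct io_context; /* See blkdev.h */
-#define NGROUPS_SMALL 32
-#define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
-struct group_info {
-int ngroups;
-atomic_t usage;
-gid_t small_block[NGROUPS_SMALL];
-int nblocks;
-gid_t *blocks[0];
-};
-
-/*
-* get_group_info() must be called with the owning task locked (via task_lock())
-* when task != current. The reason being that the vast majority of callers are
-* looking at current->group_info, which can not be changed except by the
-* current task. Changing current->group_info requires the task lock, too.
-*/
-#define get_group_info(group_info) do { \
-atomic_inc(&(group_info)->usage); \
-} while (0)
 
-#define put_group_info(group_info) do { \
-if (atomic_dec_and_test(&(group_info)->usage)) \
-groups_free(group_info); \
-} while (0)
-
-extern struct group_info *groups_alloc(int gidsetsize);
-extern void groups_free(struct group_info *group_info);
-extern int set_current_groups(struct group_info *group_info);
-extern int groups_search(struct group_info *group_info, gid_t grp);
-/* access the groups "array" with this macro */
-#define GROUP_AT(gi, i) \
-((gi)->blocks[(i)/NGROUPS_PER_BLOCK][(i)%NGROUPS_PER_BLOCK])
 
 #ifdef ARCH_HAS_PREFETCH_SWITCH_STACK
 extern void prefetch_stack(struct task_struct *t);
@@ -1181,17 +1151,9 @@ struct task_struct {
 struct list_head cpu_timers[3];
 
 /* process credentials */
-uid_t uid,euid,suid,fsuid;
-gid_t gid,egid,sgid,fsgid;
-struct group_info *group_info;
-kernel_cap_t cap_effective, cap_inheritable, cap_permitted, cap_bset;
-struct user_struct *user;
-unsigned securebits;
-#ifdef CONFIG_KEYS
-unsigned char jit_keyring; /* default keyring to attach requested keys to */
-struct key *request_key_auth; /* assumed request_key authority */
-struct key *thread_keyring; /* keyring private to this thread */
-#endif
+struct cred __temp_cred __deprecated; /* temporary credentials to be removed */
+struct cred *cred; /* actual/objective task credentials */
+
 char comm[TASK_COMM_LEN]; /* executable name excluding path
 - access with [gs]et_task_comm (which lock
 it with task_lock())
@@ -1228,9 +1190,6 @@ struct task_struct {
 int (*notifier)(void *priv);
 void *notifier_data;
 sigset_t *notifier_mask;
-#ifdef CONFIG_SECURITY
-void *security;
-#endif
 struct audit_context *audit_context;
 #ifdef CONFIG_AUDITSYSCALL
 uid_t loginuid;
@@ -1787,9 +1746,6 @@ extern void wake_up_new_task(struct task_struct *tsk,
 extern void sched_fork(struct task_struct *p, int clone_flags);
 extern void sched_dead(struct task_struct *p);
 
-extern int in_group_p(gid_t);
-extern int in_egroup_p(gid_t);
-
 extern void proc_caches_init(void);
 extern void flush_signals(struct task_struct *);
 extern void ignore_signals(struct task_struct *);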
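Review bot: The new `struct cred *cred;` field in the task_struct hunk (-1181,17 +1151,9) is documented only as "actual/objective task credentials", with no statement of what it points at or what must be held to read another task's credentials through it. The commit description speaks of two pointers to the embedded data while this hunk shows one, so either the description or the field list needs a correction; task_struct starts and ends outside the hunk, so a second pointer may exist elsewhere. The comment deleted with `get_group_info()` in the -883,38 hunk documented the task_lock() rule for `group_info`; presumably it moves with `struct group_info`, but I would still leave a pointer here, e.g. `/* cred points at __temp_cred for now; access rules are documented with struct cred */`. Embedding `struct cred` by value also needs its full definition in scope, and no hunk in this file adds an include, so confirm one is already present above line 660.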