| author | Jiri Kosina <jkosina@suse.cz> | 2011-04-26 04:22:15 -0400 |
|---|---|---|
| committer | Jiri Kosina <jkosina@suse.cz> | 2011-04-26 04:22:59 -0400 |
| commit | 07f9479a40cc778bc1462ada11f95b01360ae4ff (patch) | |
| tree | 0676cf38df3844004bb3ebfd99dfa67a4a8998f5 /include/linux/security.h | |
| parent | 9d5e6bdb3013acfb311ab407eeca0b6a6a3dedbf (diff) | |
| parent | cd2e49e90f1cae7726c9a2c54488d881d7f1cd1c (diff) | |
Merge branch 'master' into for-next
Fast-forwarded to current state of Linus' tree as there are patches to be
applied for files that didn't exist on the old branch.
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 30 |
1 files changed, 18 insertions, 12 deletions
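diff --git a/include/linux/security.h b/include/linux/security.h
index 56cac520d014..8ce59ef3e5af 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -47,13 +47,14 @@
 
 struct ctl_table;
 struct audit_krule;
+struct user_namespace;
 
 /*
 * These functions are in security/capability.c and are used
 * as the default capabilities functions
 */
 extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
-int cap, int audit);
+struct user_namespace *ns, int cap, int audit);
 extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
 extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
@@ -1262,6 +1263,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * credentials.
 * @tsk contains the task_struct for the process.
 * @cred contains the credentials to use.
+* @ns contains the user namespace we want the capability in
 * @cap contains the capability <include/linux/capability.h>.
 * @audit: Whether to write an audit message or not
 * Return 0 if the capability is granted for @tsk.
@@ -1384,7 +1386,7 @@ struct security_operations {
 const kernel_cap_t *inheritable,
 const kernel_cap_t *permitted);
 int (*capable) (struct task_struct *tsk, const struct cred *cred,
-int cap, int audit);
+struct user_namespace *ns, int cap, int audit);
 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
 int (*quota_on) (struct dentry *dentry);
 int (*syslog) (int type);
@@ -1454,7 +1456,7 @@ struct security_operations {
 struct inode *new_dir, struct dentry *new_dentry);
 int (*inode_readlink) (struct dentry *dentry);
 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
-int (*inode_permission) (struct inode *inode, int mask);
+int (*inode_permission) (struct inode *inode, int mask, unsigned flags);
 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
 int (*inode_setxattr) (struct dentry *dentry, const char *name,
@@ -1665,9 +1667,12 @@ int security_capset(struct cred *new, const struct cred *old,
 const kernel_cap_t *effective,
 const kernel_cap_t *inheritable,
 const kernel_cap_t *permitted);
-int security_capable(const struct cred *cred, int cap);
-int security_real_capable(struct task_struct *tsk, int cap);
-int security_real_capable_noaudit(struct task_struct *tsk, int cap);
+int security_capable(struct user_namespace *ns, const struct cred *cred,
+int cap);
+int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
+int cap);
+int security_real_capable_noaudit(struct task_struct *tsk,
+struct user_namespace *ns, int cap);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
@@ -1860,28 +1865,29 @@ static inline int security_capset(struct cred *new,
 return cap_capset(new, old, effective, inheritable, permitted);
 }
 
-static inline int security_capable(const struct cred *cred, int cap)
+static inline int security_capable(struct user_namespace *ns,
+const struct cred *cred, int cap)
 {
-return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT);
+return cap_capable(current, cred, ns, cap, SECURITY_CAP_AUDIT);
 }
 
-static inline int security_real_capable(struct task_struct *tsk, int cap)
+static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
 {
 int ret;
 
 rcu_read_lock();
-ret = cap_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_AUDIT);
+ret = cap_capable(tsk, __task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);
 rcu_read_unlock();
 return ret;
 }
 
 static inline
-int security_real_capable_noaudit(struct task_struct *tsk, int cap)
+int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)
 {
 int ret;
 
 rcu_read_lock();
-ret = cap_capable(tsk, __task_cred(tsk), cap,
+ret = cap_capable(tsk, __task_cred(tsk), ns, cap,
 SECURITY_CAP_NOAUDIT);
 rcu_read_unlock();
 return ret;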
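Review bot: The new `ns` parameter is undocumented on the three inline wrappers in the last hunk — the `@ns contains the user namespace we want the capability in` line was added only to the `capable` hook description further up the file, and nothing tells a caller of `security_capable()`, `security_real_capable()` or `security_real_capable_noaudit()` which namespace to pass or how `ns` relates to `cred`. A one-line comment above `security_capable()` such as `/* @ns: the user namespace the capability is checked in; see the capable hook doc */` would keep the wrappers in step with the hook documentation. Separately, the rewritten signatures of `security_real_capable()` and `security_real_capable_noaudit()` are left on a single line of roughly 100 columns, while the prototypes of the same functions earlier in this patch and the `security_capable()` definition are wrapped; wrapping them the same way, e.g. `static inline int security_real_capable(struct task_struct *tsk,` / `struct user_namespace *ns, int cap)`, would be consistent. The closing brace of `security_real_capable_noaudit()` lies outside the hunk.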
