diff options
| author | Serge E. Hallyn <serue@us.ibm.com> | 2009-11-23 17:21:30 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-11-23 23:06:47 -0500 |
| commit | b3a222e52e4d4be77cc4520a57af1a4a0d8222d1 (patch) | |
| tree | 1c3d5df529a404636b996ef39c991c9b8813aa12 /include | |
| parent | 0bce95279909aa4cc401a2e3140b4295ca22e72a (diff) | |
remove CONFIG_SECURITY_FILE_CAPABILITIES compile option
As far as I know, all distros currently ship kernels with default
CONFIG_SECURITY_FILE_CAPABILITIES=y. Since having the option on
leaves a 'no_file_caps' option to boot without file capabilities,
the main reason to keep the option is that turning it off saves
you (on my s390x partition) 5k. In particular, vmlinux sizes
came to:
without patch fscaps=n: 53598392
without patch fscaps=y: 53603406
with this patch applied: 53603342
with the security-next tree.
Against this we must weigh the fact that there is no simple way for
userspace to figure out whether file capabilities are supported,
while things like per-process securebits, capability bounding
sets, and adding bits to pI if CAP_SETPCAP is in pE are not supported
with SECURITY_FILE_CAPABILITIES=n, leaving a bit of a problem for
applications wanting to know whether they can use them and/or why
something failed.
It also adds another subtly different set of semantics which we must
maintain at the risk of severe security regressions.
So this patch removes the SECURITY_FILE_CAPABILITIES compile
option. It drops the kernel size by about 50k over the stock
SECURITY_FILE_CAPABILITIES=y kernel, by removing the
cap_limit_ptraced_target() function.
Changelog:
Nov 20: remove cap_limit_ptraced_target() as it's logic
was ifndef'ed.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan" <morgan@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/capability.h | 2 | ||||
| -rw-r--r-- | include/linux/init_task.h | 4 |
2 files changed, 0 insertions, 6 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index c8f2a5f70ed5..39e5ff512fbe 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
| @@ -92,9 +92,7 @@ struct vfs_cap_data { | |||
| 92 | #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 | 92 | #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 |
| 93 | #define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3 | 93 | #define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3 |
| 94 | 94 | ||
| 95 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 96 | extern int file_caps_enabled; | 95 | extern int file_caps_enabled; |
| 97 | #endif | ||
| 98 | 96 | ||
| 99 | typedef struct kernel_cap_struct { | 97 | typedef struct kernel_cap_struct { |
| 100 | __u32 cap[_KERNEL_CAPABILITY_U32S]; | 98 | __u32 cap[_KERNEL_CAPABILITY_U32S]; |
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 21a6f5d9af22..8d10aa7fd4c9 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
| @@ -83,16 +83,12 @@ extern struct group_info init_groups; | |||
| 83 | #define INIT_IDS | 83 | #define INIT_IDS |
| 84 | #endif | 84 | #endif |
| 85 | 85 | ||
| 86 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 87 | /* | 86 | /* |
| 88 | * Because of the reduced scope of CAP_SETPCAP when filesystem | 87 | * Because of the reduced scope of CAP_SETPCAP when filesystem |
| 89 | * capabilities are in effect, it is safe to allow CAP_SETPCAP to | 88 | * capabilities are in effect, it is safe to allow CAP_SETPCAP to |
| 90 | * be available in the default configuration. | 89 | * be available in the default configuration. |
| 91 | */ | 90 | */ |
| 92 | # define CAP_INIT_BSET CAP_FULL_SET | 91 | # define CAP_INIT_BSET CAP_FULL_SET |
| 93 | #else | ||
| 94 | # define CAP_INIT_BSET CAP_INIT_EFF_SET | ||
| 95 | #endif | ||
| 96 | 92 | ||
| 97 | #ifdef CONFIG_TREE_PREEMPT_RCU | 93 | #ifdef CONFIG_TREE_PREEMPT_RCU |
| 98 | #define INIT_TASK_RCU_PREEMPT(tsk) \ | 94 | #define INIT_TASK_RCU_PREEMPT(tsk) \ |