diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /kernel/fork.c | |
parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/fork.c')
-rw-r--r-- | kernel/fork.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index f6083561dfe0..81fdc7733908 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
@@ -147,8 +147,8 @@ void __put_task_struct(struct task_struct *tsk) | |||
147 | WARN_ON(tsk == current); | 147 | WARN_ON(tsk == current); |
148 | 148 | ||
149 | security_task_free(tsk); | 149 | security_task_free(tsk); |
150 | free_uid(tsk->user); | 150 | free_uid(tsk->__temp_cred.user); |
151 | put_group_info(tsk->group_info); | 151 | put_group_info(tsk->__temp_cred.group_info); |
152 | delayacct_tsk_free(tsk); | 152 | delayacct_tsk_free(tsk); |
153 | 153 | ||
154 | if (!profile_handoff_task(tsk)) | 154 | if (!profile_handoff_task(tsk)) |
@@ -969,17 +969,18 @@ static struct task_struct *copy_process(unsigned long clone_flags, | |||
969 | DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled); | 969 | DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled); |
970 | DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); | 970 | DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); |
971 | #endif | 971 | #endif |
972 | p->cred = &p->__temp_cred; | ||
972 | retval = -EAGAIN; | 973 | retval = -EAGAIN; |
973 | if (atomic_read(&p->user->processes) >= | 974 | if (atomic_read(&p->cred->user->processes) >= |
974 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { | 975 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { |
975 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && | 976 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && |
976 | p->user != current->nsproxy->user_ns->root_user) | 977 | p->cred->user != current->nsproxy->user_ns->root_user) |
977 | goto bad_fork_free; | 978 | goto bad_fork_free; |
978 | } | 979 | } |
979 | 980 | ||
980 | atomic_inc(&p->user->__count); | 981 | atomic_inc(&p->cred->user->__count); |
981 | atomic_inc(&p->user->processes); | 982 | atomic_inc(&p->cred->user->processes); |
982 | get_group_info(p->group_info); | 983 | get_group_info(p->cred->group_info); |
983 | 984 | ||
984 | /* | 985 | /* |
985 | * If multiple threads are within copy_process(), then this check | 986 | * If multiple threads are within copy_process(), then this check |
@@ -1035,9 +1036,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, | |||
1035 | p->real_start_time = p->start_time; | 1036 | p->real_start_time = p->start_time; |
1036 | monotonic_to_bootbased(&p->real_start_time); | 1037 | monotonic_to_bootbased(&p->real_start_time); |
1037 | #ifdef CONFIG_SECURITY | 1038 | #ifdef CONFIG_SECURITY |
1038 | p->security = NULL; | 1039 | p->cred->security = NULL; |
1039 | #endif | 1040 | #endif |
1040 | p->cap_bset = current->cap_bset; | ||
1041 | p->io_context = NULL; | 1041 | p->io_context = NULL; |
1042 | p->audit_context = NULL; | 1042 | p->audit_context = NULL; |
1043 | cgroup_fork(p); | 1043 | cgroup_fork(p); |
@@ -1298,9 +1298,9 @@ bad_fork_cleanup_cgroup: | |||
1298 | bad_fork_cleanup_put_domain: | 1298 | bad_fork_cleanup_put_domain: |
1299 | module_put(task_thread_info(p)->exec_domain->module); | 1299 | module_put(task_thread_info(p)->exec_domain->module); |
1300 | bad_fork_cleanup_count: | 1300 | bad_fork_cleanup_count: |
1301 | put_group_info(p->group_info); | 1301 | put_group_info(p->cred->group_info); |
1302 | atomic_dec(&p->user->processes); | 1302 | atomic_dec(&p->cred->user->processes); |
1303 | free_uid(p->user); | 1303 | free_uid(p->cred->user); |
1304 | bad_fork_free: | 1304 | bad_fork_free: |
1305 | free_task(p); | 1305 | free_task(p); |
1306 | fork_out: | 1306 | fork_out: |