diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/capability.c | 5 | ||||
| -rw-r--r-- | kernel/sysctl.c | 8 | ||||
| -rw-r--r-- | kernel/sysctl_check.c | 5 |
3 files changed, 12 insertions, 6 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 4e350a36ed6a..14853be5944d 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * | 3 | * |
| 4 | * Copyright (C) 1997 Andrew Main <zefram@fysh.org> | 4 | * Copyright (C) 1997 Andrew Main <zefram@fysh.org> |
| 5 | * | 5 | * |
| 6 | * Integrated into 2.1.97+, Andrew G. Morgan <morgan@transmeta.com> | 6 | * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org> |
| 7 | * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> | 7 | * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> |
| 8 | */ | 8 | */ |
| 9 | 9 | ||
| @@ -14,9 +14,6 @@ | |||
| 14 | #include <linux/syscalls.h> | 14 | #include <linux/syscalls.h> |
| 15 | #include <asm/uaccess.h> | 15 | #include <asm/uaccess.h> |
| 16 | 16 | ||
| 17 | unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ | ||
| 18 | kernel_cap_t cap_bset = CAP_INIT_EFF_SET; | ||
| 19 | |||
| 20 | /* | 17 | /* |
| 21 | * This lock protects task->cap_* for all tasks including current. | 18 | * This lock protects task->cap_* for all tasks including current. |
| 22 | * Locking rule: acquire this prior to tasklist_lock. | 19 | * Locking rule: acquire this prior to tasklist_lock. |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index c25e67e19af7..067554bda8b7 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -24,7 +24,7 @@ | |||
| 24 | #include <linux/slab.h> | 24 | #include <linux/slab.h> |
| 25 | #include <linux/sysctl.h> | 25 | #include <linux/sysctl.h> |
| 26 | #include <linux/proc_fs.h> | 26 | #include <linux/proc_fs.h> |
| 27 | #include <linux/capability.h> | 27 | #include <linux/security.h> |
| 28 | #include <linux/ctype.h> | 28 | #include <linux/ctype.h> |
| 29 | #include <linux/utsname.h> | 29 | #include <linux/utsname.h> |
| 30 | #include <linux/smp_lock.h> | 30 | #include <linux/smp_lock.h> |
| @@ -371,6 +371,7 @@ static struct ctl_table kern_table[] = { | |||
| 371 | .proc_handler = &proc_dointvec_taint, | 371 | .proc_handler = &proc_dointvec_taint, |
| 372 | }, | 372 | }, |
| 373 | #endif | 373 | #endif |
| 374 | #ifdef CONFIG_SECURITY_CAPABILITIES | ||
| 374 | { | 375 | { |
| 375 | .procname = "cap-bound", | 376 | .procname = "cap-bound", |
| 376 | .data = &cap_bset, | 377 | .data = &cap_bset, |
| @@ -378,6 +379,7 @@ static struct ctl_table kern_table[] = { | |||
| 378 | .mode = 0600, | 379 | .mode = 0600, |
| 379 | .proc_handler = &proc_dointvec_bset, | 380 | .proc_handler = &proc_dointvec_bset, |
| 380 | }, | 381 | }, |
| 382 | #endif /* def CONFIG_SECURITY_CAPABILITIES */ | ||
| 381 | #ifdef CONFIG_BLK_DEV_INITRD | 383 | #ifdef CONFIG_BLK_DEV_INITRD |
| 382 | { | 384 | { |
| 383 | .ctl_name = KERN_REALROOTDEV, | 385 | .ctl_name = KERN_REALROOTDEV, |
| @@ -1872,10 +1874,11 @@ static int do_proc_dointvec_bset_conv(int *negp, unsigned long *lvalp, | |||
| 1872 | return 0; | 1874 | return 0; |
| 1873 | } | 1875 | } |
| 1874 | 1876 | ||
| 1877 | #ifdef CONFIG_SECURITY_CAPABILITIES | ||
| 1875 | /* | 1878 | /* |
| 1876 | * init may raise the set. | 1879 | * init may raise the set. |
| 1877 | */ | 1880 | */ |
| 1878 | 1881 | ||
| 1879 | int proc_dointvec_bset(struct ctl_table *table, int write, struct file *filp, | 1882 | int proc_dointvec_bset(struct ctl_table *table, int write, struct file *filp, |
| 1880 | void __user *buffer, size_t *lenp, loff_t *ppos) | 1883 | void __user *buffer, size_t *lenp, loff_t *ppos) |
| 1881 | { | 1884 | { |
| @@ -1889,6 +1892,7 @@ int proc_dointvec_bset(struct ctl_table *table, int write, struct file *filp, | |||
| 1889 | return do_proc_dointvec(table,write,filp,buffer,lenp,ppos, | 1892 | return do_proc_dointvec(table,write,filp,buffer,lenp,ppos, |
| 1890 | do_proc_dointvec_bset_conv,&op); | 1893 | do_proc_dointvec_bset_conv,&op); |
| 1891 | } | 1894 | } |
| 1895 | #endif /* def CONFIG_SECURITY_CAPABILITIES */ | ||
| 1892 | 1896 | ||
| 1893 | /* | 1897 | /* |
| 1894 | * Taint values can only be increased | 1898 | * Taint values can only be increased |
diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c index f47c33d17032..3c9ef5a7d575 100644 --- a/kernel/sysctl_check.c +++ b/kernel/sysctl_check.c | |||
| @@ -38,7 +38,10 @@ static struct trans_ctl_table trans_kern_table[] = { | |||
| 38 | { KERN_NODENAME, "hostname" }, | 38 | { KERN_NODENAME, "hostname" }, |
| 39 | { KERN_DOMAINNAME, "domainname" }, | 39 | { KERN_DOMAINNAME, "domainname" }, |
| 40 | 40 | ||
| 41 | #ifdef CONFIG_SECURITY_CAPABILITIES | ||
| 41 | { KERN_CAP_BSET, "cap-bound" }, | 42 | { KERN_CAP_BSET, "cap-bound" }, |
| 43 | #endif /* def CONFIG_SECURITY_CAPABILITIES */ | ||
| 44 | |||
| 42 | { KERN_PANIC, "panic" }, | 45 | { KERN_PANIC, "panic" }, |
| 43 | { KERN_REALROOTDEV, "real-root-dev" }, | 46 | { KERN_REALROOTDEV, "real-root-dev" }, |
| 44 | 47 | ||
| @@ -1532,7 +1535,9 @@ int sysctl_check_table(struct ctl_table *table) | |||
| 1532 | (table->strategy == sysctl_ms_jiffies) || | 1535 | (table->strategy == sysctl_ms_jiffies) || |
| 1533 | (table->proc_handler == proc_dostring) || | 1536 | (table->proc_handler == proc_dostring) || |
| 1534 | (table->proc_handler == proc_dointvec) || | 1537 | (table->proc_handler == proc_dointvec) || |
| 1538 | #ifdef CONFIG_SECURITY_CAPABILITIES | ||
| 1535 | (table->proc_handler == proc_dointvec_bset) || | 1539 | (table->proc_handler == proc_dointvec_bset) || |
| 1540 | #endif /* def CONFIG_SECURITY_CAPABILITIES */ | ||
| 1536 | (table->proc_handler == proc_dointvec_minmax) || | 1541 | (table->proc_handler == proc_dointvec_minmax) || |
| 1537 | (table->proc_handler == proc_dointvec_jiffies) || | 1542 | (table->proc_handler == proc_dointvec_jiffies) || |
| 1538 | (table->proc_handler == proc_dointvec_userhz_jiffies) || | 1543 | (table->proc_handler == proc_dointvec_userhz_jiffies) || |