From: Stephen Rothwell <sfr@canb•auug.org.au>
To: David Howells <dhowells@redhat•com>, James Morris <jmorris@namei•org>
Cc: linux-next@vger•kernel.org, Eric Paris <eparis@redhat•com>
Subject: linux-next: manual merge of the creds tree
Date: Thu, 13 Nov 2008 16:19:17 +1100
Message-ID: <20081113161917.9fb40489.sfr@canb.auug.org.au>

Hi David,

Today's linux-next merge of the creds tree got a conflict in
kernel/capability.c between commit
e68b75a027bb94066576139ee33676264f867b87 ("When the capset syscall is
used it is not possible for audit to record the") from the
security-testing tree and commit 2ea2fe20bdef1300ea07a9c38dbfea5d0c042898
("CRED: Neuter sys_capset()") from the creds tree.

Context changes. I fixed it up (see below) and can carry the fix for now
(though I am not sure of this fix).

--
Cheers,
Stephen Rothwell sfr@canb•auug.org.au
http://www.canb.auug.org.au/~sfr/
diff --cc kernel/capability.c
index adb262f,6465ab7..0000000
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@@ -469,36 -259,18 +271,22 @@@ asmlinkage long sys_capset(cap_user_hea
i++;
}
+ ret = audit_log_capset(pid, &effective, &inheritable, &permitted);
+ if (ret)
+ return ret;
+
- if (pid && (pid != task_pid_vnr(current)))
- ret = do_sys_capset_other_tasks(pid, &effective, &inheritable,
- &permitted);
- else {
- /*
- * This lock is required even when filesystem
- * capability support is configured - it protects the
- * sys_capget() call from returning incorrect data in
- * the case that the targeted process is not the
- * current one.
- */
- spin_lock(&task_capability_lock);
-
- ret = security_capset_check(current, &effective, &inheritable,
- &permitted);
- /*
- * Having verified that the proposed changes are
- * legal, we now put them into effect.
- */
- if (!ret)
- security_capset_set(current, &effective, &inheritable,
- &permitted);
- spin_unlock(&task_capability_lock);
- }
+ new = prepare_creds();
+ if (!new)
+ return -ENOMEM;
+ ret = security_capset(new, current_cred(),
+ &effective, &inheritable, &permitted);
+ if (ret < 0)
+ goto error;
+ return commit_creds(new);
+ error:
+ abort_creds(new);
return ret;
}
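
Review bot: audit_log_capset() at the top of the merged region runs before prepare_creds() and security_capset(), so the requested sets are handed to audit before the change has been validated, and the call is keyed on pid while the added path only ever modifies current (prepare_creds(), current_cred()). Consider making the audit call after security_capset() succeeds and before commit_creds(new), with a failure going through the existing error: label so that abort_creds(new) runs. It is also worth confirming that pid can only name the current task by this point, since the do_sys_capset_other_tasks() branch is removed.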