From: Alexander Gordeev <agordeev@linux.ibm.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: selinux@vger.kernel.org,
"Felix Kuehling" <Felix.Kuehling@amd.com>,
"Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>,
"Pan, Xinhui" <Xinhui.Pan@amd.com>,
"David Airlie" <airlied@gmail.com>,
"Daniel Vetter" <daniel@ffwll.ch>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Stefan Haberland" <sth@linux.ibm.com>,
"Jan Hoeppner" <hoeppner@linux.ibm.com>,
"Heiko Carstens" <hca@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Sven Schnelle" <svens@linux.ibm.com>,
amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
linux-s390@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH v4 5/9] drivers: use new capable_any functionality
Date: Tue, 16 May 2023 08:33:36 +0200 [thread overview]
Message-ID: <ZGMjwGTDgCGrfsC8@li-008a6a4c-3549-11b2-a85c-c5cc2836eea2.ibm.com> (raw)
In-Reply-To: <20230511142535.732324-5-cgzones@googlemail.com>
On Thu, May 11, 2023 at 04:25:28PM +0200, Christian Göttsche wrote:
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Reorder CAP_SYS_ADMIN last.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v4:
> Additional usage in kfd_ioctl()
> v3:
> rename to capable_any()
> ---
> drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 3 +--
> drivers/net/caif/caif_serial.c | 2 +-
> drivers/s390/block/dasd_eckd.c | 2 +-
> 3 files changed, 3 insertions(+), 4 deletions(-)
...
> diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
> index ade1369fe5ed..67d1058bce1b 100644
> --- a/drivers/s390/block/dasd_eckd.c
> +++ b/drivers/s390/block/dasd_eckd.c
> @@ -5370,7 +5370,7 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
> char psf0, psf1;
> int rc;
>
> - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO))
> + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN))
> return -EACCES;
> psf0 = psf1 = 0;
For s390 part:
Acked-by: Alexander Gordeev <agordeev@linux.ibm.com>
WARNING: multiple messages have this Message-ID (diff)
From: Alexander Gordeev <agordeev@linux.ibm.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: "Jan Hoeppner" <hoeppner@linux.ibm.com>,
dri-devel@lists.freedesktop.org,
"Eric Dumazet" <edumazet@google.com>,
linux-s390@vger.kernel.org, amd-gfx@lists.freedesktop.org,
"Jakub Kicinski" <kuba@kernel.org>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
selinux@vger.kernel.org, "Heiko Carstens" <hca@linux.ibm.com>,
"Stefan Haberland" <sth@linux.ibm.com>,
"Paolo Abeni" <pabeni@redhat.com>,
netdev@vger.kernel.org, "Felix Kuehling" <Felix.Kuehling@amd.com>,
"Pan, Xinhui" <Xinhui.Pan@amd.com>,
linux-kernel@vger.kernel.org,
"Christian König" <christian.koenig@amd.com>,
"Sven Schnelle" <svens@linux.ibm.com>,
"Alex Deucher" <alexander.deucher@amd.com>,
bpf@vger.kernel.org, "David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v4 5/9] drivers: use new capable_any functionality
Date: Tue, 16 May 2023 08:33:36 +0200 [thread overview]
Message-ID: <ZGMjwGTDgCGrfsC8@li-008a6a4c-3549-11b2-a85c-c5cc2836eea2.ibm.com> (raw)
In-Reply-To: <20230511142535.732324-5-cgzones@googlemail.com>
On Thu, May 11, 2023 at 04:25:28PM +0200, Christian Göttsche wrote:
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Reorder CAP_SYS_ADMIN last.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v4:
> Additional usage in kfd_ioctl()
> v3:
> rename to capable_any()
> ---
> drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 3 +--
> drivers/net/caif/caif_serial.c | 2 +-
> drivers/s390/block/dasd_eckd.c | 2 +-
> 3 files changed, 3 insertions(+), 4 deletions(-)
...
> diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
> index ade1369fe5ed..67d1058bce1b 100644
> --- a/drivers/s390/block/dasd_eckd.c
> +++ b/drivers/s390/block/dasd_eckd.c
> @@ -5370,7 +5370,7 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
> char psf0, psf1;
> int rc;
>
> - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO))
> + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN))
> return -EACCES;
> psf0 = psf1 = 0;
For s390 part:
Acked-by: Alexander Gordeev <agordeev@linux.ibm.com>
WARNING: multiple messages have this Message-ID (diff)
From: Alexander Gordeev <agordeev@linux.ibm.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: "Jan Hoeppner" <hoeppner@linux.ibm.com>,
dri-devel@lists.freedesktop.org,
"Eric Dumazet" <edumazet@google.com>,
"David Airlie" <airlied@gmail.com>,
linux-s390@vger.kernel.org, amd-gfx@lists.freedesktop.org,
"Jakub Kicinski" <kuba@kernel.org>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
selinux@vger.kernel.org, "Heiko Carstens" <hca@linux.ibm.com>,
"Stefan Haberland" <sth@linux.ibm.com>,
"Paolo Abeni" <pabeni@redhat.com>,
netdev@vger.kernel.org, "Felix Kuehling" <Felix.Kuehling@amd.com>,
"Pan, Xinhui" <Xinhui.Pan@amd.com>,
linux-kernel@vger.kernel.org,
"Christian König" <christian.koenig@amd.com>,
"Sven Schnelle" <svens@linux.ibm.com>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Alex Deucher" <alexander.deucher@amd.com>,
bpf@vger.kernel.org, "David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v4 5/9] drivers: use new capable_any functionality
Date: Tue, 16 May 2023 08:33:36 +0200 [thread overview]
Message-ID: <ZGMjwGTDgCGrfsC8@li-008a6a4c-3549-11b2-a85c-c5cc2836eea2.ibm.com> (raw)
In-Reply-To: <20230511142535.732324-5-cgzones@googlemail.com>
On Thu, May 11, 2023 at 04:25:28PM +0200, Christian Göttsche wrote:
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Reorder CAP_SYS_ADMIN last.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v4:
> Additional usage in kfd_ioctl()
> v3:
> rename to capable_any()
> ---
> drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 3 +--
> drivers/net/caif/caif_serial.c | 2 +-
> drivers/s390/block/dasd_eckd.c | 2 +-
> 3 files changed, 3 insertions(+), 4 deletions(-)
...
> diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
> index ade1369fe5ed..67d1058bce1b 100644
> --- a/drivers/s390/block/dasd_eckd.c
> +++ b/drivers/s390/block/dasd_eckd.c
> @@ -5370,7 +5370,7 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
> char psf0, psf1;
> int rc;
>
> - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO))
> + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN))
> return -EACCES;
> psf0 = psf1 = 0;
For s390 part:
Acked-by: Alexander Gordeev <agordeev@linux.ibm.com>
next prev parent reply other threads:[~2023-05-16 6:38 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-11 14:25 [PATCH v4 1/9] capability: introduce new capable flag NODENYAUDIT Christian Göttsche
2023-05-11 14:25 ` [PATCH v4 2/9] capability: add any wrapper to test for multiple caps with exactly one audit message Christian Göttsche
2023-05-11 14:25 ` [PATCH v4 3/9] capability: use new capable_any functionality Christian Göttsche
2023-05-16 18:42 ` Andrii Nakryiko
2023-05-11 14:25 ` [PATCH v4 4/9] block: " Christian Göttsche
2023-05-11 15:35 ` Christoph Hellwig
2023-05-11 16:53 ` Christian Göttsche
2023-05-11 14:25 ` [PATCH v4 5/9] drivers: " Christian Göttsche
2023-05-11 14:25 ` Christian Göttsche
2023-05-11 14:25 ` Christian Göttsche
2023-05-16 6:33 ` Alexander Gordeev [this message]
2023-05-16 6:33 ` Alexander Gordeev
2023-05-16 6:33 ` Alexander Gordeev
2023-05-11 14:25 ` [PATCH v4 6/9] fs: " Christian Göttsche
2023-05-15 7:56 ` Christian Brauner
2023-05-11 14:25 ` [PATCH v4 7/9] kernel: " Christian Göttsche
2023-05-15 7:54 ` Christian Brauner
2023-05-11 14:25 ` [PATCH v4 8/9] bpf: " Christian Göttsche
2023-05-16 18:42 ` Andrii Nakryiko
2023-05-11 14:25 ` [PATCH v4 9/9] net: " Christian Göttsche
2023-05-22 13:56 ` Miquel Raynal
2023-05-11 14:25 ` [PATCH v4 0/9] Introduce capable_any() Christian Göttsche
2023-05-31 14:07 ` [PATCH v4 1/9] capability: introduce new capable flag NODENYAUDIT Serge E. Hallyn
2023-05-31 14:08 ` Serge E. Hallyn
2023-05-31 18:34 ` Christian Göttsche
2023-05-31 22:13 ` Paul Moore
2023-06-06 19:00 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZGMjwGTDgCGrfsC8@li-008a6a4c-3549-11b2-a85c-c5cc2836eea2.ibm.com \
--to=agordeev@linux.ibm.com \
--cc=Felix.Kuehling@amd.com \
--cc=Xinhui.Pan@amd.com \
--cc=airlied@gmail.com \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=borntraeger@linux.ibm.com \
--cc=bpf@vger.kernel.org \
--cc=cgzones@googlemail.com \
--cc=christian.koenig@amd.com \
--cc=daniel@ffwll.ch \
--cc=davem@davemloft.net \
--cc=dri-devel@lists.freedesktop.org \
--cc=edumazet@google.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hoeppner@linux.ibm.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=selinux@vger.kernel.org \
--cc=sth@linux.ibm.com \
--cc=svens@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.