From: Jan Engelhardt <jengelh@linux01.gwdg.de>
To: Greg KH <greg@kroah.com>
Cc: Arjan van de Ven <arjan@infradead.org>,
James Morris <jmorris@namei.org>,
Christoph Hellwig <hch@infradead.org>,
Andrew Morton <akpm@osdl.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
T?r?k Edwin <edwin@gurde.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, Chris Wright <chrisw@sous-sol.org>,
Linus Torvalds <torvalds@osdl.org>
Subject: [PATCH 1/4] security_cap_extra() and more
Date: Mon, 1 May 2006 15:48:54 +0200 (MEST) [thread overview]
Message-ID: <Pine.LNX.4.61.0605011548250.31804@yvahk01.tjqt.qr> (raw)
In-Reply-To: <Pine.LNX.4.61.0605011543180.31804@yvahk01.tjqt.qr>
[PATCH 1/4] security_cap_extra() and more
- Renames capable() to capable_light().
This function is used if only a capability is to be checked.
- Implement a new capable that calls security_cap_extra().
Since a subadmin has almost the same capabilities as a
superadmin, an extra helper is needed to decide whether an
action is allowed, based on the philosophy of the LSM.
- implement the .cap_extra LSM hook
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
diff --fast -Ndpru -X dontdiff linux-2.6.17-rc3~/include/linux/capability.h linux-2.6.17-rc3+/include/linux/capability.h
--- linux-2.6.17-rc3~/include/linux/capability.h 2006-04-27 04:19:25.000000000 +0200
+++ linux-2.6.17-rc3+/include/linux/capability.h 2006-04-30 23:25:25.233048000 +0200
@@ -357,6 +357,8 @@ static inline kernel_cap_t cap_invert(ke
#define cap_is_fs_cap(c) (CAP_TO_MASK(c) & CAP_FS_MASK)
+int capable_light(int);
+int __capable_light(struct task_struct *, int);
int capable(int cap);
int __capable(struct task_struct *t, int cap);
diff --fast -Ndpru -X dontdiff linux-2.6.17-rc3~/include/linux/security.h linux-2.6.17-rc3+/include/linux/security.h
--- linux-2.6.17-rc3~/include/linux/security.h 2006-04-27 04:19:25.000000000 +0200
+++ linux-2.6.17-rc3+/include/linux/security.h 2006-04-30 23:25:35.893048000 +0200
@@ -1319,6 +1319,7 @@ struct security_operations {
#endif /* CONFIG_KEYS */
+ int (*cap_extra)(int);
};
/* global variables */
@@ -2018,6 +2019,11 @@ static inline int security_netlink_recv(
return security_ops->netlink_recv(skb);
}
+static inline int security_cap_extra(int cap)
+{
+ return security_ops->cap_extra(cap);
+}
+
/* prototypes */
extern int security_init (void);
extern int register_security (struct security_operations *ops);
@@ -2651,6 +2657,12 @@ static inline int security_netlink_recv
return cap_netlink_recv (skb);
}
+static inline int security_cap_extra(int cap);
+{
+ /* Capability test already passed. No more checks. => Allow. */
+ return 1;
+}
+
static inline struct dentry *securityfs_create_dir(const char *name,
struct dentry *parent)
{
diff --fast -Ndpru -X dontdiff linux-2.6.17-rc3~/kernel/capability.c linux-2.6.17-rc3+/kernel/capability.c
--- linux-2.6.17-rc3~/kernel/capability.c 2006-04-27 04:19:25.000000000 +0200
+++ linux-2.6.17-rc3+/kernel/capability.c 2006-04-30 23:30:06.143048000 +0200
@@ -238,7 +238,7 @@ int __capable(struct task_struct *t, int
{
if (security_capable(t, cap) == 0) {
t->flags |= PF_SUPERPRIV;
- return 1;
+ return security_cap_extra(cap);
}
return 0;
}
@@ -249,3 +249,20 @@ int capable(int cap)
return __capable(current, cap);
}
EXPORT_SYMBOL(capable);
+
+int __capable_light(struct task_struct *t, int cap)
+{
+ if (security_capable(t, cap) == 0) {
+ t->flags |= PF_SUPERPRIV;
+ return 1;
+ }
+ return 0;
+}
+EXPORT_SYMBOL(__capable_light);
+
+int capable_light(int cap)
+{
+ return __capable_light(current, cap);
+}
+EXPORT_SYMBOL(capable_light);
+
diff --fast -Ndpru -X dontdiff linux-2.6.17-rc3~/security/dummy.c linux-2.6.17-rc3+/security/dummy.c
--- linux-2.6.17-rc3~/security/dummy.c 2006-04-27 04:19:25.000000000 +0200
+++ linux-2.6.17-rc3+/security/dummy.c 2006-04-30 23:30:24.763048000 +0200
@@ -677,6 +677,11 @@ static int dummy_netlink_recv (struct sk
return 0;
}
+static int dummy_cap_extra(int cap)
+{
+ return 1; /* allow */
+}
+
#ifdef CONFIG_SECURITY_NETWORK
static int dummy_unix_stream_connect (struct socket *sock,
struct socket *other,
@@ -1040,5 +1045,6 @@ void security_fixup_ops (struct security
set_to_dummy_if_null(ops, key_permission);
#endif /* CONFIG_KEYS */
+ set_to_dummy_if_null(ops, cap_extra);
}
#<<eof>>
Jan Engelhardt
--
next prev parent reply other threads:[~2006-05-01 13:49 UTC|newest]
Thread overview: 253+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-02 9:40 [RFC] packet/socket owner match (fireflier) using skfilter Török Edwin
2006-04-03 15:18 ` James Morris
2006-04-03 15:39 ` Török Edwin
2006-04-05 15:06 ` Stephen Smalley
2006-04-07 17:34 ` Török Edwin
2006-04-07 18:24 ` [RFC][PATCH 0/7] fireflier LSM for labeling sockets based on its creator (owner) Török Edwin
2006-04-07 18:27 ` [RFC][PATCH 1/7] " Török Edwin
2006-04-12 19:11 ` Stephen Smalley
2006-04-14 20:02 ` Török Edwin
2006-04-07 18:38 ` [RFC][PATCH 2/7] implementation of LSM hooks Török Edwin
2006-04-12 17:42 ` Stephen Smalley
2006-04-14 20:01 ` [RESEND][RFC][PATCH " Török Edwin
2006-04-17 16:06 ` Stephen Smalley
2006-04-17 16:23 ` Christoph Hellwig
2006-04-17 17:03 ` Stephen Smalley
2006-04-17 17:08 ` Arjan van de Ven
2006-04-17 17:33 ` Christoph Hellwig
2006-04-17 18:02 ` Casey Schaufler
2006-04-17 18:15 ` Stephen Smalley
2006-04-17 19:26 ` Serge E. Hallyn
2006-04-17 19:31 ` James Morris
2006-04-17 19:47 ` Serge E. Hallyn
2006-04-17 20:02 ` Stephen Smalley
2006-04-19 14:52 ` David Safford
2006-04-19 15:26 ` Stephen Smalley
2006-04-19 17:57 ` Emily Ratliff
2006-04-19 18:33 ` Stephen Smalley
2006-04-20 12:27 ` Stephen Smalley
2006-04-19 15:47 ` Stephen Smalley
2006-04-17 22:15 ` Gerrit Huizenga
2006-04-17 22:48 ` Alan Cox
2006-04-17 22:58 ` James Morris
2006-04-18 2:00 ` Crispin Cowan
2006-04-17 22:55 ` Christoph Hellwig
2006-04-18 1:44 ` Gerrit Huizenga
2006-04-18 11:58 ` Christoph Hellwig
2006-04-18 16:50 ` Gerrit Huizenga
2006-04-18 17:27 ` Karl MacMillan
2006-04-18 19:31 ` Crispin Cowan
2006-04-18 19:50 ` Arjan van de Ven
2006-04-18 20:13 ` [Fireflier-devel] " Török Edwin
2006-04-18 20:31 ` Alan Cox
2006-04-18 19:33 ` [Fireflier-devel] Re: [RESEND][RFC][PATCH 2/7] implementationof " David Lang
2006-04-18 20:42 ` [Fireflier-devel] Re: [RESEND][RFC][PATCH 2/7] implementation of " Serge E. Hallyn
2006-04-18 20:23 ` Serge E. Hallyn
2006-04-19 18:32 ` Crispin Cowan
2006-04-19 18:48 ` Arjan van de Ven
2006-04-19 19:50 ` Jan Engelhardt
2006-04-19 18:50 ` Valdis.Kletnieks
2006-04-19 23:24 ` Tony Jones
2006-04-18 20:14 ` Stephen Smalley
2006-04-18 20:35 ` Crispin Cowan
2006-04-18 21:07 ` Greg KH
2006-04-19 12:22 ` Stephen Smalley
2006-04-18 20:26 ` Alan Cox
2006-04-18 20:57 ` Crispin Cowan
2006-04-18 21:36 ` James Morris
2006-04-18 23:09 ` Crispin Cowan
2006-04-18 23:27 ` Chris Wright
2006-04-18 23:57 ` James Morris
2006-04-19 1:48 ` Casey Schaufler
2006-04-19 6:40 ` Kyle Moffett
2006-04-19 6:56 ` Valdis.Kletnieks
2006-04-19 11:41 ` Serge E. Hallyn
2006-04-19 15:51 ` Valdis.Kletnieks
2006-04-19 16:00 ` Gene Heskett
2006-04-20 6:51 ` Kyle Moffett
2006-04-20 12:40 ` Stephen Smalley
2006-04-21 1:00 ` Nix
2006-04-21 14:24 ` Stephen Smalley
2006-04-24 8:14 ` Lars Marowsky-Bree
2006-04-25 0:19 ` Valdis.Kletnieks
2006-04-25 7:21 ` Nix
2006-04-19 7:44 ` Arjan van de Ven
2006-04-19 11:53 ` Serge E. Hallyn
2006-04-19 12:56 ` Stephen Smalley
2006-04-19 12:54 ` Stephen Smalley
2006-04-19 16:42 ` Casey Schaufler
2006-04-19 18:01 ` Stephen Smalley
2006-04-20 4:10 ` Casey Schaufler
2006-04-20 4:29 ` James Morris
2006-04-20 4:56 ` Chris Wright
2006-04-18 23:16 ` Casey Schaufler
2006-04-18 23:19 ` Christoph Hellwig
2006-04-19 5:22 ` Arjan van de Ven
2006-04-19 12:40 ` Stephen Smalley
2006-04-18 23:09 ` Casey Schaufler
2006-04-19 5:23 ` Arjan van de Ven
2006-04-18 18:46 ` Alan Cox
2006-04-18 19:59 ` Serge E. Hallyn
2006-04-18 20:20 ` Stephen Smalley
2006-04-18 20:36 ` Serge E. Hallyn
2006-04-18 23:00 ` Casey Schaufler
2006-04-19 9:03 ` Bernhard R. Link
2006-04-18 21:38 ` Kurt Garloff
2006-04-19 7:04 ` Valdis.Kletnieks
2006-04-19 7:36 ` Arjan van de Ven
2006-04-19 12:10 ` Serge E. Hallyn
2006-04-19 12:55 ` Yuichi Nakamura
2006-04-19 15:44 ` Greg KH
2006-04-19 16:02 ` Stephen Smalley
2006-04-19 16:06 ` Greg KH
2006-04-19 21:10 ` Crispin Cowan
2006-04-19 21:48 ` Yuichi Nakamura
2006-04-20 12:44 ` Karl MacMillan
2006-04-19 13:09 ` Stephen Smalley
2006-04-18 11:59 ` Stephen Smalley
2006-04-17 23:09 ` Chris Wright
2006-04-17 19:37 ` Stephen Smalley
2006-04-18 13:05 ` Kazuki Omo(Company)
2006-04-18 13:37 ` James Morris
2006-04-18 14:45 ` Greg KH
2006-04-18 15:51 ` Casey Schaufler
2006-04-18 16:07 ` Greg KH
2006-04-17 19:20 ` Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks) James Morris
2006-04-17 19:51 ` Greg KH
2006-04-17 20:08 ` Arjan van de Ven
2006-04-17 21:26 ` Alan Cox
2006-04-17 23:26 ` Casey Schaufler
2006-04-18 2:29 ` Valdis.Kletnieks
2006-04-18 12:22 ` Serge E. Hallyn
2006-04-18 12:59 ` Stephen Smalley
[not found] ` <20060418132121.GE7562@sergelap.austin.ibm.com>
2006-04-18 13:40 ` Stephen Smalley
2006-04-18 20:13 ` Crispin Cowan
2006-04-18 23:01 ` Valdis.Kletnieks
2006-04-20 0:19 ` Crispin Cowan
2006-04-20 15:27 ` Valdis.Kletnieks
2006-04-21 15:23 ` Ken Brush
2006-04-21 19:51 ` Valdis.Kletnieks
2006-04-22 20:52 ` Ken Brush
2006-04-23 9:45 ` Valdis.Kletnieks
2006-04-24 8:24 ` Lars Marowsky-Bree
2006-04-24 12:42 ` Alan Cox
2006-04-24 12:44 ` Lars Marowsky-Bree
2006-04-24 12:45 ` Olivier Galibert
2006-04-24 12:54 ` Arjan van de Ven
2006-04-24 13:09 ` Serge E. Hallyn
2006-04-24 13:16 ` Arjan van de Ven
2006-04-24 13:29 ` Serge E. Hallyn
2006-04-24 13:40 ` Arjan van de Ven
2006-04-24 13:54 ` Serge E. Hallyn
2006-04-24 14:07 ` Arjan van de Ven
2006-04-25 19:06 ` Serge E. Hallyn
2006-04-25 4:07 ` Casey Schaufler
2006-04-24 14:08 ` Olivier Galibert
2006-04-25 16:29 ` Stephen Smalley
2006-04-25 22:26 ` Olivier Galibert
2006-04-26 12:14 ` Stephen Smalley
2006-04-26 16:03 ` Olivier Galibert
2006-04-27 6:56 ` Thomas Bleher
2006-04-24 12:55 ` Serge E. Hallyn
2006-04-24 12:56 ` Serge E. Hallyn
2006-04-24 14:02 ` Alan Cox
2006-04-24 14:04 ` Serge E. Hallyn
2006-04-24 14:31 ` Alan Cox
2006-04-24 14:28 ` Serge E. Hallyn
2006-04-24 14:45 ` David Lang
2006-04-24 16:50 ` Arjan van de Ven
2006-04-25 16:31 ` Stephen Smalley
2006-04-25 16:23 ` Stephen Smalley
2006-04-25 2:06 ` Valdis.Kletnieks
2006-04-25 7:36 ` Lars Marowsky-Bree
2006-04-20 21:13 ` Pavel Machek
2006-04-23 3:50 ` Crispin Cowan
2006-04-23 9:33 ` Valdis.Kletnieks
2006-04-23 14:58 ` Thomas Bleher
2006-04-24 8:28 ` Lars Marowsky-Bree
2006-04-24 8:37 ` Arjan van de Ven
2006-04-24 8:54 ` Lars Marowsky-Bree
2006-04-24 9:12 ` Arjan van de Ven
2006-04-25 0:31 ` Valdis.Kletnieks
2006-04-20 17:46 ` Pavel Machek
2006-04-18 2:38 ` Valdis.Kletnieks
2006-04-19 8:16 ` Jan Engelhardt
2006-04-19 15:40 ` Greg KH
2006-04-19 16:33 ` James Morris
2006-04-19 18:10 ` Greg KH
2006-04-19 19:33 ` Chris Wright
2006-04-20 12:39 ` Stephen Smalley
2006-04-20 12:51 ` Serge E. Hallyn
2006-04-20 15:00 ` Removing EXPORT_SYMBOL(security_ops) (was Re: Time to remove LSM) Greg KH
2006-04-20 14:20 ` Stephen Smalley
2006-04-20 16:15 ` Greg KH
2006-04-20 16:23 ` Christoph Hellwig
2006-04-20 16:34 ` Stephen Smalley
2006-04-20 16:46 ` Greg KH
2006-04-20 17:00 ` Stephen Smalley
2006-04-20 17:01 ` [PATCH] make security_ops EXPORT_SYMBOL_GPL() Greg KH
2006-04-20 18:08 ` Linus Torvalds
2006-04-20 19:34 ` Greg KH
2006-04-21 16:50 ` Greg KH
2006-04-21 17:34 ` Chris Wright
2006-04-20 17:02 ` Removing EXPORT_SYMBOL(security_ops) (was Re: Time to remove LSM) Tony Jones
2006-04-20 20:14 ` Chris Wright
2006-04-19 19:22 ` Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks) Jan Engelhardt
2006-04-19 20:48 ` Greg KH
2006-04-19 20:59 ` Serge E. Hallyn
2006-04-19 21:08 ` Randy.Dunlap
2006-04-19 16:00 ` Arjan van de Ven
2006-04-19 19:06 ` Jan Engelhardt
2006-04-19 20:11 ` Greg KH
2006-04-19 20:52 ` Randy.Dunlap
2006-04-19 20:54 ` Arjan van de Ven
2006-04-19 21:05 ` Jan Engelhardt
2006-04-20 12:20 ` Stephen Smalley
2006-04-21 13:30 ` Jan Engelhardt
2006-04-21 15:05 ` Greg KH
2006-05-01 13:45 ` [PATCH 0/4] MultiAdmin LSM Jan Engelhardt
2006-05-01 13:48 ` Jan Engelhardt [this message]
2006-05-01 13:49 ` [PATCH 2/4] Use of capable_light() Jan Engelhardt
2006-05-01 13:49 ` [PATCH 3/4] task_post_setgid() Jan Engelhardt
2006-05-01 13:50 ` [PATCH 4/4] MultiAdmin module Jan Engelhardt
2006-05-01 14:56 ` James Morris
2006-05-01 15:05 ` Greg KH
2006-05-01 13:50 ` [PATCH 0/4] MultiAdmin LSM Arjan van de Ven
2006-05-01 16:03 ` [PATCH 4a/4] MultiAdmin LSM (LKCS'ed) Jan Engelhardt
2006-05-01 16:47 ` Greg KH
2006-05-01 17:42 ` Jan Engelhardt
2006-05-01 18:07 ` Greg KH
2006-05-01 20:19 ` Jan Engelhardt
2006-05-01 21:47 ` Adrian Bunk
2006-05-01 20:56 ` [PATCH 0/4] MultiAdmin LSM Pavel Machek
2006-05-02 4:22 ` James Morris
2006-04-21 16:25 ` Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks) Stephen Smalley
2006-04-21 18:57 ` Jan Engelhardt
2006-04-21 19:56 ` Stephen Smalley
2006-04-22 11:13 ` Jan Engelhardt
2006-04-20 23:41 ` Pavel Machek
2006-04-19 17:00 ` Valdis.Kletnieks
2006-04-17 20:20 ` Chris Wright
2006-04-17 20:24 ` Arjan van de Ven
2006-04-17 20:27 ` Time to remove LSM David S. Miller
2006-04-17 20:27 ` Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks) Chris Wright
2006-04-17 20:34 ` Greg KH
2006-04-17 20:38 ` Chris Wright
2006-04-17 20:43 ` Arjan van de Ven
2006-04-17 20:53 ` Chris Wright
2006-04-17 20:45 ` alan
[not found] ` <2e00cdfd0604171437g1d6c6923w5db82f317ed0f56@mail.gmail.com>
2006-04-17 22:07 ` Chris Wright
2006-04-17 22:10 ` Arjan van de Ven
2006-04-17 20:51 ` Adrian Bunk
2006-04-17 20:08 ` [RESEND][RFC][PATCH 2/7] implementation of LSM hooks David S. Miller
2006-04-17 18:20 ` Török Edwin
2006-04-07 18:39 ` [RFC][PATCH 3/7] sidtab - hashtable to store SIDs Török Edwin
2006-04-07 18:41 ` [RFC][PATCH 4/7] exports Török Edwin
2006-04-07 18:43 ` [RFC][PATCH 5/7] debugging/testing support Török Edwin
2006-04-07 18:44 ` [RFC][PATCH 6/7] userspace Török Edwin
2006-04-07 18:46 ` [RFC][PATCH 7/7] stacking support for capability module Török Edwin
2006-04-07 19:18 ` Serge E. Hallyn
2006-04-07 19:45 ` [RFC][PATCH 0/7] fireflier LSM for labeling sockets based on its creator (owner) Chris Wright
2006-04-08 7:41 ` edwin
2006-04-21 15:26 ` [RFC] packet/socket owner match (fireflier) using skfilter Mikado
2006-04-21 16:18 ` Török Edwin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.61.0605011548250.31804@yvahk01.tjqt.qr \
--to=jengelh@linux01.gwdg.de \
--cc=akpm@osdl.org \
--cc=arjan@infradead.org \
--cc=chrisw@sous-sol.org \
--cc=edwin@gurde.com \
--cc=greg@kroah.com \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).