From: rgb@redhat.com (Richard Guy Briggs) To: linux-security-module@vger.kernel.org Subject: [PATCH V3 03/10] capabilities: rename has_cap to has_fcap Date: Wed, 23 Aug 2017 06:12:54 -0400 [thread overview] Message-ID: <8d77769c458b997ac9b07363bb865415a937848e.1503459890.git.rgb@redhat.com> (raw) In-Reply-To: <cover.1503459890.git.rgb@redhat.com> Rename has_cap to has_fcap to clarify it applies to file capabilities since the entire source file is about capabilities. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- security/commoncap.c | 20 ++++++++++---------- 1 files changed, 10 insertions(+), 10 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 6f05ec0..028d4e4 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -339,7 +339,7 @@ int cap_inode_killpriv(struct dentry *dentry) static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, struct linux_binprm *bprm, bool *effective, - bool *has_cap) + bool *has_fcap) { struct cred *new = bprm->cred; unsigned i; @@ -349,7 +349,7 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, *effective = true; if (caps->magic_etc & VFS_CAP_REVISION_MASK) - *has_cap = true; + *has_fcap = true; CAP_FOR_EACH_U32(i) { __u32 permitted = caps->permitted.cap[i]; @@ -438,7 +438,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data * its xattrs and, if present, apply them to the proposed credentials being * constructed by execve(). */ -static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_cap) +static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_fcap) { int rc = 0; struct cpu_vfs_cap_data vcaps; @@ -469,7 +469,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c goto out; } - rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap); + rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_fcap); if (rc == -EINVAL) printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", __func__, rc, bprm->filename); @@ -481,7 +481,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c return rc; } -void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effective, kuid_t root_uid) +void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool *effective, kuid_t root_uid) { const struct cred *old = current_cred(); struct cred *new = bprm->cred; @@ -493,7 +493,7 @@ void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effec * for a setuid root binary run by a non-root user. Do set it * for a root user just to cause least surprise to an admin. */ - if (has_cap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) { + if (has_fcap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) { warn_setuid_and_fcaps_mixed(bprm->filename); return; } @@ -531,20 +531,20 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) { const struct cred *old = current_cred(); struct cred *new = bprm->cred; - bool effective = false, has_cap = false, is_setid; + bool effective = false, has_fcap = false, is_setid; int ret; kuid_t root_uid; if (WARN_ON(!cap_ambient_invariant_ok(old))) return -EPERM; - ret = get_file_caps(bprm, &effective, &has_cap); + ret = get_file_caps(bprm, &effective, &has_fcap); if (ret < 0) return ret; root_uid = make_kuid(new->user_ns, 0); - handle_privileged_root(bprm, has_cap, &effective, root_uid); + handle_privileged_root(bprm, has_fcap, &effective, root_uid); /* if we have fs caps, clear dangerous personality flags */ if (cap_gained(permitted, new, old)) @@ -574,7 +574,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) new->sgid = new->fsgid = new->egid; /* File caps or setid cancels ambient. */ - if (has_cap || is_setid) + if (has_fcap || is_setid) cap_clear(new->cap_ambient); /* -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Richard Guy Briggs <rgb@redhat.com> To: linux-security-module@vger.kernel.org, linux-audit@redhat.com Cc: Richard Guy Briggs <rgb@redhat.com>, Andy Lutomirski <luto@kernel.org>, "Serge E. Hallyn" <serge.hallyn@ubuntu.com>, Kees Cook <keescook@chromium.org>, James Morris <james.l.morris@oracle.com>, Eric Paris <eparis@redhat.com>, Paul Moore <pmoore@redhat.com>, Steve Grubb <sgrubb@redhat.com> Subject: [PATCH V3 03/10] capabilities: rename has_cap to has_fcap Date: Wed, 23 Aug 2017 06:12:54 -0400 [thread overview] Message-ID: <8d77769c458b997ac9b07363bb865415a937848e.1503459890.git.rgb@redhat.com> (raw) In-Reply-To: <cover.1503459890.git.rgb@redhat.com> In-Reply-To: <cover.1503459890.git.rgb@redhat.com> Rename has_cap to has_fcap to clarify it applies to file capabilities since the entire source file is about capabilities. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- security/commoncap.c | 20 ++++++++++---------- 1 files changed, 10 insertions(+), 10 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 6f05ec0..028d4e4 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -339,7 +339,7 @@ int cap_inode_killpriv(struct dentry *dentry) static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, struct linux_binprm *bprm, bool *effective, - bool *has_cap) + bool *has_fcap) { struct cred *new = bprm->cred; unsigned i; @@ -349,7 +349,7 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, *effective = true; if (caps->magic_etc & VFS_CAP_REVISION_MASK) - *has_cap = true; + *has_fcap = true; CAP_FOR_EACH_U32(i) { __u32 permitted = caps->permitted.cap[i]; @@ -438,7 +438,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data * its xattrs and, if present, apply them to the proposed credentials being * constructed by execve(). */ -static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_cap) +static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_fcap) { int rc = 0; struct cpu_vfs_cap_data vcaps; @@ -469,7 +469,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c goto out; } - rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap); + rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_fcap); if (rc == -EINVAL) printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", __func__, rc, bprm->filename); @@ -481,7 +481,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c return rc; } -void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effective, kuid_t root_uid) +void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool *effective, kuid_t root_uid) { const struct cred *old = current_cred(); struct cred *new = bprm->cred; @@ -493,7 +493,7 @@ void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effec * for a setuid root binary run by a non-root user. Do set it * for a root user just to cause least surprise to an admin. */ - if (has_cap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) { + if (has_fcap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) { warn_setuid_and_fcaps_mixed(bprm->filename); return; } @@ -531,20 +531,20 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) { const struct cred *old = current_cred(); struct cred *new = bprm->cred; - bool effective = false, has_cap = false, is_setid; + bool effective = false, has_fcap = false, is_setid; int ret; kuid_t root_uid; if (WARN_ON(!cap_ambient_invariant_ok(old))) return -EPERM; - ret = get_file_caps(bprm, &effective, &has_cap); + ret = get_file_caps(bprm, &effective, &has_fcap); if (ret < 0) return ret; root_uid = make_kuid(new->user_ns, 0); - handle_privileged_root(bprm, has_cap, &effective, root_uid); + handle_privileged_root(bprm, has_fcap, &effective, root_uid); /* if we have fs caps, clear dangerous personality flags */ if (cap_gained(permitted, new, old)) @@ -574,7 +574,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) new->sgid = new->fsgid = new->egid; /* File caps or setid cancels ambient. */ - if (has_cap || is_setid) + if (has_fcap || is_setid) cap_clear(new->cap_ambient); /* -- 1.7.1
next prev parent reply other threads:[~2017-08-23 10:12 UTC|newest] Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-08-23 10:12 [PATCH V3 00/10] capabilities: do not audit log BPRM_FCAPS on set*id Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-23 10:12 ` [PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-24 15:42 ` Serge E. Hallyn 2017-08-24 15:42 ` Serge E. Hallyn 2017-08-25 5:55 ` James Morris 2017-08-25 5:55 ` James Morris 2017-08-25 10:49 ` Richard Guy Briggs 2017-08-25 10:49 ` Richard Guy Briggs 2017-08-23 10:12 ` [PATCH V3 02/10] capabilities: intuitive names for cap gain status Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-24 16:03 ` Serge E. Hallyn 2017-08-24 16:03 ` Serge E. Hallyn 2017-08-24 16:19 ` Richard Guy Briggs 2017-08-24 16:19 ` Richard Guy Briggs 2017-08-24 16:37 ` Serge E. Hallyn 2017-08-24 16:37 ` Serge E. Hallyn 2017-08-24 19:06 ` Kees Cook 2017-08-24 19:06 ` Kees Cook 2017-08-24 21:17 ` Paul Moore 2017-08-24 21:17 ` Paul Moore 2017-08-28 9:19 ` Richard Guy Briggs 2017-08-28 9:19 ` Richard Guy Briggs 2017-08-28 11:08 ` Richard Guy Briggs 2017-08-28 11:08 ` Richard Guy Briggs 2017-09-01 10:18 ` Richard Guy Briggs 2017-09-01 10:18 ` Richard Guy Briggs 2017-09-02 5:37 ` Serge E. Hallyn 2017-09-02 5:37 ` Serge E. Hallyn 2017-09-04 6:57 ` Richard Guy Briggs 2017-09-04 6:57 ` Richard Guy Briggs 2017-09-05 6:45 ` Richard Guy Briggs 2017-09-05 6:45 ` Richard Guy Briggs 2017-08-25 5:56 ` James Morris 2017-08-25 5:56 ` James Morris 2017-08-25 15:08 ` Andy Lutomirski 2017-08-25 15:08 ` Andy Lutomirski 2017-08-25 18:47 ` Serge E. Hallyn 2017-08-25 18:47 ` Serge E. Hallyn 2017-08-23 10:12 ` Richard Guy Briggs [this message] 2017-08-23 10:12 ` [PATCH V3 03/10] capabilities: rename has_cap to has_fcap Richard Guy Briggs 2017-08-24 16:10 ` Serge E. Hallyn 2017-08-24 16:10 ` Serge E. Hallyn 2017-08-25 5:56 ` James Morris 2017-08-25 5:56 ` James Morris 2017-08-23 10:12 ` [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-24 16:14 ` Serge E. Hallyn 2017-08-24 16:14 ` Serge E. Hallyn 2017-08-25 5:58 ` James Morris 2017-08-25 5:58 ` James Morris 2017-08-28 12:03 ` Richard Guy Briggs 2017-08-28 12:03 ` Richard Guy Briggs 2017-08-31 14:49 ` Serge E. Hallyn 2017-08-31 14:49 ` Serge E. Hallyn 2017-08-23 10:12 ` [PATCH V3 05/10] capabilities: use intuitive names for id changes Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-24 16:17 ` Serge E. Hallyn 2017-08-24 16:17 ` Serge E. Hallyn 2017-08-25 5:59 ` James Morris 2017-08-25 5:59 ` James Morris 2017-08-25 15:06 ` Andy Lutomirski 2017-08-25 15:06 ` Andy Lutomirski 2017-08-25 18:51 ` Serge E. Hallyn 2017-08-25 18:51 ` Serge E. Hallyn 2017-08-25 19:45 ` Andy Lutomirski 2017-08-25 19:45 ` Andy Lutomirski 2017-08-25 20:06 ` Serge E. Hallyn 2017-08-25 20:06 ` Serge E. Hallyn 2017-08-28 1:32 ` James Morris 2017-08-28 1:32 ` James Morris 2017-08-28 9:12 ` Richard Guy Briggs 2017-08-28 9:12 ` Richard Guy Briggs 2017-08-28 20:12 ` Andy Lutomirski 2017-08-28 20:12 ` Andy Lutomirski 2017-08-23 10:12 ` [PATCH V3 06/10] capabilities: move audit log decision to function Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-24 16:18 ` Serge E. Hallyn 2017-08-24 16:18 ` Serge E. Hallyn 2017-08-25 6:01 ` James Morris 2017-08-25 6:01 ` James Morris 2017-08-23 10:12 ` [PATCH V3 07/10] capabilities: remove a layer of conditional logic Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-24 16:20 ` Serge E. Hallyn 2017-08-24 16:20 ` Serge E. Hallyn 2017-08-25 5:47 ` James Morris 2017-08-25 5:47 ` James Morris 2017-08-25 15:11 ` Andy Lutomirski 2017-08-25 15:11 ` Andy Lutomirski 2017-08-25 18:53 ` Serge E. Hallyn 2017-08-25 18:53 ` Serge E. Hallyn 2017-08-23 10:12 ` [PATCH V3 08/10] capabilities: invert logic for clarity Richard Guy Briggs 2017-08-23 10:12 ` Richard Guy Briggs 2017-08-24 16:23 ` Serge E. Hallyn 2017-08-24 16:23 ` Serge E. Hallyn 2017-08-25 5:47 ` James Morris 2017-08-25 5:47 ` James Morris 2017-08-23 10:13 ` [PATCH V3 09/10] capabilities: fix logic for effective root or real root Richard Guy Briggs 2017-08-23 10:13 ` Richard Guy Briggs 2017-08-24 16:29 ` Serge E. Hallyn 2017-08-24 16:29 ` Serge E. Hallyn 2017-08-24 16:44 ` Richard Guy Briggs 2017-08-24 16:44 ` Richard Guy Briggs 2017-08-24 16:47 ` Serge E. Hallyn 2017-08-24 16:47 ` Serge E. Hallyn 2017-08-25 5:48 ` James Morris 2017-08-25 5:48 ` James Morris 2017-08-23 10:13 ` [PATCH V3 10/10] capabilities: audit log other surprising conditions Richard Guy Briggs 2017-08-23 10:13 ` Richard Guy Briggs 2017-08-24 16:35 ` Serge E. Hallyn 2017-08-24 16:35 ` Serge E. Hallyn 2017-08-25 5:50 ` James Morris 2017-08-25 5:50 ` James Morris
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=8d77769c458b997ac9b07363bb865415a937848e.1503459890.git.rgb@redhat.com \ --to=rgb@redhat.com \ --cc=linux-security-module@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.