linux-security-module July 2008 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: Re: [PATCH 00/27] Introduce credentials [

Re: [PATCH 00/27] Introduce credentials [ver #6]

From: James Morris <jmorris_at_nospam>
Date: Mon Jul 14 2008 - 13:44:51 GMT
To: David Howells <>

On Fri, 11 Jul 2008, David Howells wrote:

> A tarball of these patches can be retrieved from:

I've applied an updated version to:

It seems to be working ok so far on my system, although the changes need review after several patches had to be manually resolved following issues with stgit+git-format-patch.

I've added a fixup patch as follows:

Author: James Morris <> Date: Mon Jul 14 23:11:36 2008 +1000

    security: credentials fixups for security-testing tree     

    Fix a couple of issues left over from the port of the patchset     to the security testing tree, where the dummy module has been     removed and replaced with capability.     

    Signed-off-by: James Morris <>

diff --git a/security/capability.c b/security/capability.c index 5e6de1f..06df7f1 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -349,6 +349,16 @@ static void cap_cred_commit(struct cred *new, const struct cred *old)
 }   +static int cap_kernel_act_as(struct cred *new, u32 secid) +{ + return 0; +} + +static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) +{ + return 0; +} +
 static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)  {

        return 0;
@@ -890,7 +900,10 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, cred_free); set_to_cap_if_null(ops, cred_prepare); set_to_cap_if_null(ops, cred_commit); + set_to_cap_if_null(ops, kernel_act_as); + set_to_cap_if_null(ops, kernel_create_files_as); set_to_cap_if_null(ops, task_setuid); + set_to_cap_if_null(ops, task_fix_setuid); set_to_cap_if_null(ops, task_setgid); set_to_cap_if_null(ops, task_setpgid); set_to_cap_if_null(ops, task_getpgid);

Please review/test.

  • James -- James Morris <> -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to More majordomo info at