linux-security-module July 2008 archive

Re: [PATCH 00/27] Introduce credentials [ver #6]

From: James Morris <jmorris_at_nospam>
Date: Mon Jul 14 2008 - 13:44:51 GMT
To: David Howells <dhowells@redhat.com>


On Fri, 11 Jul 2008, David Howells wrote:

> A tarball of these patches can be retrieved from:
>
> http://people.redhat.com/~dhowells/cow-creds-6.tar.bz2

I've applied an updated version to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git#devel

It seems to be working ok so far on my system, although the changes need review after several patches had to be manually resolved following issues with stgit+git-format-patch.

I've added a fixup patch as follows:


Author: James Morris <jmorris@namei.org>
Date: Mon Jul 14 23:11:36 2008 +1000

    security: credentials fixups for security-testing tree

    Fix a couple of issues left over from the port of the patchset
    to the security testing tree, where the dummy module has been
    removed and replaced with capability.

    Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/capability.c b/security/capability.c index 5e6de1f..06df7f1 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -349,6 +349,16 @@ static void cap_cred_commit(struct cred *new, const struct cred *old)
 {
 }   +static int cap_kernel_act_as(struct cred *new, u32 secid) +{ + return 0; +} + +static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) +{ + return 0; +} +
 static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)  {

        return 0;
@@ -890,7 +900,10 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, cred_free); set_to_cap_if_null(ops, cred_prepare); set_to_cap_if_null(ops, cred_commit); + set_to_cap_if_null(ops, kernel_act_as); + set_to_cap_if_null(ops, kernel_create_files_as); set_to_cap_if_null(ops, task_setuid); + set_to_cap_if_null(ops, task_fix_setuid); set_to_cap_if_null(ops, task_setgid); set_to_cap_if_null(ops, task_setpgid); set_to_cap_if_null(ops, task_getpgid);
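
Review bot: in the first hunk, cap_kernel_act_as() and cap_kernel_create_files_as() return 0 without looking at `new`, `secid` or `inode`, so with only the capability defaults in place both hooks report success and leave the credentials untouched. If that is the intended default, a one-line comment above the two stubs saying so would help, since a caller cannot tell from the return value whether a security module actually applied the requested context.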
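
Review bot: in the security_fixup_ops() hunk, the added `set_to_cap_if_null(ops, task_fix_setuid);` has no matching cap_ function in this diff, unlike kernel_act_as and kernel_create_files_as, whose stubs are added in the first hunk. Please confirm that the capability default for task_fix_setuid is already defined elsewhere in the tree, and name the three hooks in the changelog, which currently says only "a couple of issues".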


Please review/test.

- James
-- 
James Morris <jmorris@namei.org>