Re: [PATCH 00/27] Introduce credentials [ver #6]

From: James Morris <jmorris_at_nospam>
Date: Mon Jul 14 2008 - 13:44:51 GMT
To: David Howells <dhowells@redhat.com>

On Fri, 11 Jul 2008, David Howells wrote:

> A tarball of these patches can be retrieved from:
>
> http://people.redhat.com/~dhowells/cow-creds-6.tar.bz2

I've applied an updated version to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git#devel

It seems to be working ok so far on my system, although the changes need review after several patches had to be manually resolved following issues with stgit+git-format-patch.

I've added a fixup patch as follows:

Author: James Morris <jmorris@namei.org> Date: Mon Jul 14 23:11:36 2008 +1000

security: credentials fixups for security-testing tree

Fix a couple of issues left over from the port of the patchset to the security testing tree, where the dummy module has been removed and replaced with capability.

Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/capability.c b/security/capability.c index 5e6de1f..06df7f1 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -349,6 +349,16 @@ static void cap_cred_commit(struct cred *new, const struct cred *old)
{
} +static int cap_kernel_act_as(struct cred *new, u32 secid) +{ + return 0; +} + +static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) +{ + return 0; +} +
static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) {

return 0;
@@ -890,7 +900,10 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, cred_free); set_to_cap_if_null(ops, cred_prepare); set_to_cap_if_null(ops, cred_commit); + set_to_cap_if_null(ops, kernel_act_as); + set_to_cap_if_null(ops, kernel_create_files_as); set_to_cap_if_null(ops, task_setuid); + set_to_cap_if_null(ops, task_fix_setuid); set_to_cap_if_null(ops, task_setgid); set_to_cap_if_null(ops, task_setpgid); set_to_cap_if_null(ops, task_getpgid);

Please review/test.

James -- James Morris <jmorris@namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

This message: [ Message body ]
Next message: David Howells: "Re: [PATCH 00/27] Introduce credentials [ver #6]"
Previous message: Tetsuo Handa: "Should LSM hooks be called by filesystem's requests?"
In reply to: David Howells: "[PATCH 00/27] Introduce credentials [ver #6]"
Next in thread: David Howells: "Re: [PATCH 00/27] Introduce credentials [ver #6]"
Reply: David Howells: "Re: [PATCH 00/27] Introduce credentials [ver #6]"
Reply: James Morris: "Re: [PATCH 00/27] Introduce credentials [ver #6]"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]