fedora core 6 1.2949 + vserver 2.2.0
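--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -12,7 +12,7 @@
 #include <linux/module.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
-#include <linux/vs_cvirt.h>
+#include <linux/vs_context.h>
 #include <asm/uaccess.h>
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
@@ -47,7 +47,7 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
 int ret = 0;
 pid_t pid;
 __u32 version;
-task_t *target;
+struct task_struct *target;
 struct __user_cap_data_struct data;
 if (get_user(version, &header->version))
@@ -97,11 +97,13 @@ static inline int cap_set_pg(int pgrp, kernel_cap_t *effective,
 kernel_cap_t *inheritable,
 kernel_cap_t *permitted)
 {
-task_t *g, *target;
+struct task_struct *g, *target;
 int ret = -EPERM;
 int found = 0;
 do_each_task_pid(pgrp, PIDTYPE_PGID, g) {
+if (!vx_check(g->xid, VS_ADMIN_P | VS_IDENT))
+continue;
 target = g;
 while_each_thread(g, target) {
 if (!security_capset_check(target, effective,
@@ -129,12 +131,12 @@ static inline int cap_set_all(kernel_cap_t *effective,
 kernel_cap_t *inheritable,
 kernel_cap_t *permitted)
 {
-task_t *g, *target;
+struct task_struct *g, *target;
 int ret = -EPERM;
 int found = 0;
 do_each_thread(g, target) {
-if (target == current || target->pid == 1)
+if (target == current || is_init(target))
 continue;
 found = 1;
 if (security_capset_check(target, effective, inheritable,
@@ -173,7 +175,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 {
 kernel_cap_t inheritable, permitted, effective;
 __u32 version;
-task_t *target;
+struct task_struct *target;
 int ret;
 pid_t pid;
@@ -245,12 +247,12 @@ int __capable(struct task_struct *t, int cap)
 }
 EXPORT_SYMBOL(__capable);
+#include <linux/vserver/base.h>
 int capable(int cap)
 {
 /* here for now so we don't require task locking */
-if (vx_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
+if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
 return 0;
 return __capable(current, cap);
 }
 EXPORT_SYMBOL(capable);
-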
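Review bot: cap_set_all() does not get the context filter that this commit adds to cap_set_pg(): its visible loop skips only `current` and init before reaching security_capset_check(), so a capset over all tasks appears to walk tasks that belong to other vserver contexts. Unless security_capset_check() already rejects cross-context targets (not visible on this page), the same guard belongs at the top of that loop, `if (!vx_check(target->xid, VS_ADMIN_P | VS_IDENT)) continue;`. Both function bodies continue outside their hunks, so it is also worth checking what `found` and `ret` end up as when every candidate task is filtered out, since a silent success there would hide a denied request from the caller. A short comment on the new `vx_check` line in cap_set_pg() stating that tasks outside the caller's context are skipped by design would make the isolation intent explicit.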