CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in entry.S via asm-offsets. With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
15a2460ed0
commit
b6dff3ec5e
63 changed files with 830 additions and 675 deletions
17
fs/open.c
17
fs/open.c
|
@ -425,6 +425,7 @@ out:
|
|||
*/
|
||||
asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
|
||||
{
|
||||
struct cred *cred = current->cred;
|
||||
struct path path;
|
||||
struct inode *inode;
|
||||
int old_fsuid, old_fsgid;
|
||||
|
@ -434,18 +435,18 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
|
|||
if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
|
||||
return -EINVAL;
|
||||
|
||||
old_fsuid = current->fsuid;
|
||||
old_fsgid = current->fsgid;
|
||||
old_fsuid = cred->fsuid;
|
||||
old_fsgid = cred->fsgid;
|
||||
|
||||
current->fsuid = current->uid;
|
||||
current->fsgid = current->gid;
|
||||
cred->fsuid = cred->uid;
|
||||
cred->fsgid = cred->gid;
|
||||
|
||||
if (!issecure(SECURE_NO_SETUID_FIXUP)) {
|
||||
/* Clear the capabilities if we switch to a non-root user */
|
||||
if (current->uid)
|
||||
if (current->cred->uid)
|
||||
old_cap = cap_set_effective(__cap_empty_set);
|
||||
else
|
||||
old_cap = cap_set_effective(current->cap_permitted);
|
||||
old_cap = cap_set_effective(cred->cap_permitted);
|
||||
}
|
||||
|
||||
res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
|
||||
|
@ -484,8 +485,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
|
|||
out_path_release:
|
||||
path_put(&path);
|
||||
out:
|
||||
current->fsuid = old_fsuid;
|
||||
current->fsgid = old_fsgid;
|
||||
cred->fsuid = old_fsuid;
|
||||
cred->fsgid = old_fsgid;
|
||||
|
||||
if (!issecure(SECURE_NO_SETUID_FIXUP))
|
||||
cap_set_effective(old_cap);
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue