CRED: Separate task security context from task_struct

Separate the task security context from task_struct.  At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.

Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.

With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells 2008-11-14 10:39:16 +11:00 committed by James Morris
commit b6dff3ec5e
63 changed files with 830 additions and 675 deletions

View file

@ -425,6 +425,7 @@ out:
*/
asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
{
struct cred *cred = current->cred;
struct path path;
struct inode *inode;
int old_fsuid, old_fsgid;
@ -434,18 +435,18 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
return -EINVAL;
old_fsuid = current->fsuid;
old_fsgid = current->fsgid;
old_fsuid = cred->fsuid;
old_fsgid = cred->fsgid;
current->fsuid = current->uid;
current->fsgid = current->gid;
cred->fsuid = cred->uid;
cred->fsgid = cred->gid;
if (!issecure(SECURE_NO_SETUID_FIXUP)) {
/* Clear the capabilities if we switch to a non-root user */
if (current->uid)
if (current->cred->uid)
old_cap = cap_set_effective(__cap_empty_set);
else
old_cap = cap_set_effective(current->cap_permitted);
old_cap = cap_set_effective(cred->cap_permitted);
}
res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
@ -484,8 +485,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
out_path_release:
path_put(&path);
out:
current->fsuid = old_fsuid;
current->fsgid = old_fsgid;
cred->fsuid = old_fsuid;
cred->fsgid = old_fsgid;
if (!issecure(SECURE_NO_SETUID_FIXUP))
cap_set_effective(old_cap);