Re: [PATCH] capabilities: refactor kernel code + bugfix
From: Andrew Morton
Date: Wed Jun 25 2008 - 19:32:06 EST
On Fri, 20 Jun 2008 08:38:19 -0700
"Andrew G. Morgan" <morgan@xxxxxxxxxx> wrote:
> From 8a2bffcb5363295ea43ef42c84c121a8e8c7ffa0 Mon Sep 17 00:00:00 2001
> From: Andrew G. Morgan <morgan@xxxxxxxxxx>
> Date: Fri, 20 Jun 2008 08:16:06 -0700
> Subject: [PATCH] Refactor filesystem capability support in main kernel.
>
> To date, we've tried hard to confine filesystem support for capabilities
> to the security modules. This has left a lot of the code in
> kernel/capability.c in a state where it looks like it supports something
> that filesystem support for capabilities actually suppresses when the
> LSM security/commmoncap.c code runs. What is left is a lot of code that
> uses sub-optimal locking in the main kernel. With this change we refactor
> the main kernel code and make it explicit which locks are needed and that
> the only remaining kernel races in this area are associated with
> non-filesystem capability code.
>
> This commit also includes a bugfix for the fragile setuid fixup
> code in the case that filesystem capabilities are supported (in access()).
> The effect of this fix is gated on filesystem capability support because
> changing securebits is only supported when filesystem capabilities support
> is configured.)
>
> Signed-off-by: Andrew G. Morgan <morgan@xxxxxxxxxx>
> ---
> fs/open.c | 38 +++--
> include/linux/capability.h | 2 +
> include/linux/securebits.h | 15 +-
> kernel/capability.c | 359 +++++++++++++++++++++++++++++--------------
This is one helluva large (security!) patch for so late in -rc.
Could we please split out the bugfix for 2.6.26 (is it needed in 2.6.25
too?) and hold the refactoring back for 2.6.27?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/