[PATCH 1/1] kernel/sysctl.c: Add cap_last_cap to /proc/sys/kernel

From: Dan Ballard
Date: Sat Oct 15 2011 - 10:50:49 EST


Userspace needs to know the highest valid capability of the running
kernel, which right now cannot reliably be retrieved from the header
files only. The fact that this value cannot be determined properly
right now creates various problems for libraries compiled on newer
header files which are run on older kernels. They assume
capabilities are available which actually aren't.

Now the capability is exported in /proc/sys/kernel/cap_last_cap.

Signed-off-by: Dan Ballard <dan@xxxxxxxxxxxx>
---
Documentation/sysctl/kernel.txt | 8 ++++++++
kernel/sysctl.c | 9 +++++++++
2 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 704e474..1f24636 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -24,6 +24,7 @@ show up in /proc/sys/kernel:
- bootloader_type [ X86 only ]
- bootloader_version [ X86 only ]
- callhome [ S390 only ]
+- cap_last_cap
- core_pattern
- core_pipe_limit
- core_uses_pid
@@ -155,6 +156,13 @@ on has a service contract with IBM.

==============================================================

+cap_last_cap
+
+Highest valid capability of the running kernel. Exports
+CAP_LAST_CAP from the kernel.
+
+==============================================================
+
core_pattern:

core_pattern is used to specify a core dumpfile pattern name.
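Review bot: the new section heading "cap_last_cap" in this Documentation hunk has no trailing colon, while the neighbouring entry is written "core_pattern:"; add the colon so the file stays consistent. The two-line description could also say that the file does not exist on kernels without this change, since the commit message is about binaries running on older kernels and those callers need to know they must handle a missing file.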
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 11d65b5..06455c0 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -57,6 +57,7 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
#include <linux/kmod.h>
+#include <linux/capability.h>

#include <asm/uaccess.h>
#include <asm/processor.h>
@@ -134,6 +135,7 @@ static int minolduid;
static int min_percpu_pagelist_fract = 8;

static int ngroups_max = NGROUPS_MAX;
+static int cap_last_cap = CAP_LAST_CAP;

#ifdef CONFIG_INOTIFY_USER
#include <linux/inotify.h>
@@ -730,6 +732,13 @@ static struct ctl_table kern_table[] = {
.mode = 0444,
.proc_handler = proc_dointvec,
},
+ {
+ .procname = "cap_last_cap",
+ .data = &cap_last_cap,
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = proc_dointvec,
+ },
#if defined(CONFIG_LOCKUP_DETECTOR)
{
.procname = "watchdog",
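Review bot: the new kern_table entry relies only on ".mode = 0444" to keep the value fixed; the backing variable is a plain writable "static int cap_last_cap" and the handler is proc_dointvec with no bounds. Nothing in this patch writes the variable, so a short comment at the entry or at the definition saying it mirrors the compile-time CAP_LAST_CAP and must stay read-only would protect against a later mode change turning the capability bound into a run-time tunable that accepts any integer.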
--
1.7.2.5
