| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231129-idmap-fscap-refactor-v1-15-da5a26058a5b@kernel.org>
Date: Wed, 29 Nov 2023 15:50:33 -0600
From: "Seth Forshee (DigitalOcean)" <sforshee@...nel.org>
To: Christian Brauner <brauner@...nel.org>,
Serge Hallyn <serge@...lyn.com>,
Paul Moore <paul@...l-moore.com>,
Eric Paris <eparis@...hat.com>,
James Morris <jmorris@...ei.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Miklos Szeredi <miklos@...redi.hu>,
Amir Goldstein <amir73il@...il.com>
Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-security-module@...r.kernel.org, audit@...r.kernel.org,
linux-unionfs@...r.kernel.org,
"Seth Forshee (DigitalOcean)" <sforshee@...nel.org>
Subject: [PATCH 15/16] commoncap: use vfs fscaps interfaces for killpriv
checks
Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@...nel.org>
---
security/commoncap.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/security/commoncap.c b/security/commoncap.c
index ced7a3c9685f..15344c86c759 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -295,11 +295,12 @@ int cap_capset(struct cred *new,
*/
int cap_inode_need_killpriv(struct dentry *dentry)
{
- struct inode *inode = d_backing_inode(dentry);
+ struct vfs_caps caps;
int error;
- error = __vfs_getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0);
- return error > 0;
+ /* Use nop_mnt_idmap for no mapping here as mapping is unimportant */
+ error= __vfs_get_fscaps(&nop_mnt_idmap, dentry, &caps);
+ return error == 0;
}
/**
@@ -322,7 +323,7 @@ int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry)
{
int error;
- error = __vfs_removexattr(idmap, dentry, XATTR_NAME_CAPS);
+ error = __vfs_remove_fscaps(idmap, dentry);
if (error == -EOPNOTSUPP)
error = 0;
return error;
--
2.43.0
Powered by blists - more mailing lists