[Devel] Re: [PATCH 1/1] capabilities: introduce per-process capability bounding set (v8)
Serge E. Hallyn
serue at us.ibm.com
Tue Nov 20 12:23:40 PST 2007
Quoting Serge E. Hallyn (serue at us.ibm.com):
> How about the following?
Argh, with the following on top of it...
-serge
From 470a68120cda83875a281354b897f3bda04b58fc Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn <serue at us.ibm.com>
Date: Tue, 20 Nov 2007 15:12:54 -0500
Subject: [PATCH 1/1] capbset: fix compilation when CONFIG_SECURITY=n
without this patch, kernel/sys.c has undefined reference
to cap_prctl_drop().
Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
---
kernel/sys.c | 4 ++++
security/commoncap.c | 4 ----
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/sys.c b/kernel/sys.c
index b528e75..efc495e 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1747,7 +1747,11 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
return -EINVAL;
return !!cap_raised(current->cap_bset, arg2);
case PR_CAPBSET_DROP:
+#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
return cap_prctl_drop(arg2);
+#else
+ return -EINVAL;
+#endif
default:
error = -EINVAL;
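Review bot: the guard added around the PR_CAPBSET_DROP case tests CONFIG_SECURITY_FILE_CAPABILITIES, but the commit message describes the failure as occurring with CONFIG_SECURITY=n; the message should say how the two options relate so the condition can be checked against the reported link error. The PR_CAPBSET_READ case directly above still reads current->cap_bset unconditionally, so with the option off a caller can query the bounding set but gets -EINVAL when trying to drop from it, the same value the default case returns for an unknown option. A short comment on the #else branch would make that asymmetry visibly intentional, and a static inline stub of cap_prctl_drop() in the header would avoid the #ifdef inside sys_prctl() altogether.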
diff --git a/security/commoncap.c b/security/commoncap.c
index b72825e..e909f4f 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -594,10 +594,6 @@ int cap_task_kill(struct task_struct *p, struct siginfo *info,
{
return 0;
}
-long cap_prctl_drop(unsigned long cap)
-{
- return -EINVAL;
-}
#endif
void cap_task_reparent_to_init (struct task_struct *p)
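Review bot: deleting the -EINVAL stub of cap_prctl_drop() just before the #endif means the build now depends entirely on the new #ifdef in kernel/sys.c to keep the call out of configurations where the real function is absent. The diffstat touches only kernel/sys.c and security/commoncap.c, so any declaration of the function is left as it was, and a later caller added outside that guard would hit the same undefined reference. Consider moving the stub into the header as a static inline for the disabled case instead of removing it.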
--
1.5.1.1.GIT