[Devel] Re: [PATCH] CONFIG_SECURITY_FILE_CAPABILITIES has been gone awhile

Oren Laadan orenl at cs.columbia.edu
Fri Apr 30 18:29:05 PDT 2010


Applied for v21.

Serge E. Hallyn wrote:
> Thanks Matt for noticing the sbits testcase was screaming at us
> about this being broken!
> 
> Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
> ---
>  kernel/capability.c |   16 ----------------
>  1 files changed, 0 insertions(+), 16 deletions(-)
> 
> diff --git a/kernel/capability.c b/kernel/capability.c
> index ccb8907..c39d6b0 100644
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -316,7 +316,6 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
>  
>  }
>  
> -#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
>  int apply_securebits(unsigned securebits, struct cred *new)
>  {
>  	if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
> @@ -361,21 +360,6 @@ static inline int restore_cap_bset(kernel_cap_t bset, struct cred *cred)
>  	return 0;
>  }
>  
> -#else /* CONFIG_SECURITY_FILE_CAPABILITIES */
> -
> -int apply_securebits(unsigned securebits, struct cred *new)
> -{
> -	/* settable securebits not supported */
> -	return 0;
> -}
> -
> -static inline int restore_cap_bset(kernel_cap_t bset, struct cred *cred)
> -{
> -	/* bounding sets not supported */
> -	return 0;
> -}
> -#endif /* CONFIG_SECURITY_FILE_CAPABILITIES */
> -
>  #ifdef CONFIG_CHECKPOINT
>  static int do_restore_caps(struct ckpt_capabilities *h, struct cred *cred)
>  {
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list