On Wed, Jan 23, 2019 at 9:37 PM Richard Guy Briggs <r...@redhat.com> wrote:
>
> V3 namespaced file capabilities were introduced in
> commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities")
>
> Add support for these by adding the "frootid" field to the existing
> fcaps fields in the NAME and BPRM_FCAPS records.
>
> Please see github issue
> https://github.com/linux-audit/audit-kernel/issues/103
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
> ---
> Passes audit-testsuite.
>
> include/linux/capability.h | 5 +++--
> kernel/audit.c | 6 ++++--
> kernel/audit.h | 1 +
> kernel/auditsc.c | 4 ++++
> security/commoncap.c | 2 ++
> 5 files changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index f640dcbc880c..f6bb691547fd 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -14,7 +14,7 @@
> #define _LINUX_CAPABILITY_H
>
> #include <uapi/linux/capability.h>
> -
> +#include <linux/uidgid.h>
>
> #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
> #define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
> @@ -25,11 +25,12 @@
> __u32 cap[_KERNEL_CAPABILITY_U32S];
> } kernel_cap_t;
>
> -/* exact same as vfs_cap_data but in cpu endian and always filled completely
> */
> +/* exact same as vfs_ns_cap_data but in cpu endian and always filled
> completely */
Removed "exact" from the comment above so it fits an 80 char line
width. Please watch for this in your patches, I care a lot about line
widths.
Otherwise as long as Serge is happy with the capabilities bits, I'm
happy with the audit bits; merged.
--
paul moore
www.paul-moore.com
