Re: [PATCH 1/1] file capabilities: introduce cap_setfcap
Serge E. Hallyn wrote:

Here's the first patch (of several or many to come) to address some of Andrew's comments.

Kaigai, IIUC cap_names.h will eventually be automatically updated? (I had to manually tweak it for testing as the new kernel sources were not located on the test system)

The origin of cap_names.h is "/usr/include/linux/capability.h". Some scripts kicked by Makefile convert it, then cap_names.h will be generated.

I don't know whether we can expect the kernel headers are always deployed under "/usr/include/linux", or not. In Fedora system, the kernel-headers package deploys all headers there, so cap_names.h will eventually be automatically updated.

Thanks,

thanks,
-serge

From fefcd341e478bd9e490d34abe9efd3c3c4f0b8a0 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn <[EMAIL PROTECTED]>
Date: Wed, 27 Jun 2007 13:09:20 -0400
Subject: [PATCH 1/1] file capabilities: introduce cap_setfcap

Setting file capabilities previously required the cap_sys_admin capability, since they are stored as extended attributes in the security.* namespace. Introduce CAP_SETFCAP (to mirror CAP_SETPCAP), and require it for setting file capabilities instead of CAP_SYS_ADMIN.

Quoting Andrew Morgan, "CAP_SYS_ADMIN is way too overloaded and this functionality is special."

Signed-off-by: Serge E. Hallyn <[EMAIL PROTECTED]>
--- include/linux/capability.h |4 +++- security/commoncap.c | 12 ++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 89125df..cdfaa10 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -324,7 +324,9 @@ typedef __u32 kernel_cap_t; #define CAP_AUDIT_CONTROL30 -#define CAP_NUMCAPS 31 +#define CAP_SETFCAP 31 + +#define CAP_NUMCAPS 32 #ifdef __KERNEL__ /* diff --git a/security/commoncap.c b/security/commoncap.c index 4e9ff02..24de4fa 100644 --- a/security/commoncap.c +++ b/security/commoncap.c
@@ -290,7 +290,11 @@ int cap_bprm_secureexec (struct linux_binprm *bprm) int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, + if (!strcmp(name, XATTR_NAME_CAPS)) { + if (!capable(CAP_SETFCAP)) + return -EPERM; + return 0; + } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM; @@ -299,7 +303,11 @@ int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, int cap_inode_removexattr(struct dentry *dentry, char *name) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, + if (!strcmp(name, XATTR_NAME_CAPS)) { + if (!capable(CAP_SETFCAP)) + return -EPERM; + return 0; + } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM;
--
Open Source Software Promotion Center, NEC
KaiGai Kohei <[EMAIL PROTECTED]>
[PATCH 1/1] file capabilities: introduce cap_setfcap
Here's the first patch (of several or many to come) to address some of Andrew's comments.

Kaigai, IIUC cap_names.h will eventually be automatically updated? (I had to manually tweak it for testing as the new kernel sources were not located on the test system)

thanks,
-serge

From fefcd341e478bd9e490d34abe9efd3c3c4f0b8a0 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn <[EMAIL PROTECTED]>
Date: Wed, 27 Jun 2007 13:09:20 -0400
Subject: [PATCH 1/1] file capabilities: introduce cap_setfcap

Setting file capabilities previously required the cap_sys_admin capability, since they are stored as extended attributes in the security.* namespace. Introduce CAP_SETFCAP (to mirror CAP_SETPCAP), and require it for setting file capabilities instead of CAP_SYS_ADMIN.

Quoting Andrew Morgan, "CAP_SYS_ADMIN is way too overloaded and this functionality is special."

Signed-off-by: Serge E. Hallyn <[EMAIL PROTECTED]>
--- include/linux/capability.h |4 +++- security/commoncap.c | 12 ++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 89125df..cdfaa10 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -324,7 +324,9 @@ typedef __u32 kernel_cap_t; #define CAP_AUDIT_CONTROL30 -#define CAP_NUMCAPS 31 +#define CAP_SETFCAP 31 + +#define CAP_NUMCAPS 32 #ifdef __KERNEL__ /* diff --git a/security/commoncap.c b/security/commoncap.c index 4e9ff02..24de4fa 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -290,7 +290,11 @@ int cap_bprm_secureexec (struct linux_binprm *bprm) int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, + if (!strcmp(name, XATTR_NAME_CAPS)) { + if (!capable(CAP_SETFCAP)) + return -EPERM; + return 0; + } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM;
@@ -299,7 +303,11 @@ int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, int cap_inode_removexattr(struct dentry *dentry, char *name) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, + if (!strcmp(name, XATTR_NAME_CAPS)) { + if (!capable(CAP_SETFCAP)) + return -EPERM; + return 0; + } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM;
--
1.5.1.1.GIT
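Review bot: In the include/linux/capability.h hunk, `#define CAP_SETFCAP 31` together with `#define CAP_NUMCAPS 32` consumes the last bit of kernel_cap_t, which the hunk header shows as a __u32, and the commit message does not mention it. Please state that the set is now full, since the next capability will need a wider type, and add a short comment above the new define saying that it gates setting and removing the XATTR_NAME_CAPS attribute, so the header documents what the bit grants.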
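Review bot: In the cap_inode_setxattr hunk, the new XATTR_NAME_CAPS branch returns 0 as soon as capable(CAP_SETFCAP) passes and never looks at the value or size arguments, so this hook accepts any payload for the capability attribute. If the contents are validated elsewhere, a comment naming that place would help; otherwise a size check belongs here. The branch also returns on both paths, so the `else` in `} else if (!strncmp(name, XATTR_SECURITY_PREFIX,` is redundant and a plain `if` after the closing brace reads more clearly. The commit message should also state that a task holding CAP_SYS_ADMIN without CAP_SETFCAP is now refused for this attribute.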
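Review bot: The cap_inode_removexattr hunk repeats the five added lines of the cap_inode_setxattr hunk verbatim, so the CAP_SETFCAP policy now lives in two places that can drift apart. A small static helper that takes name and returns 0 or -EPERM, called from both hooks, would keep the set and remove checks identical; the redundant `else` after the returning block applies here as well.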