diff mbox

[V3,03/10] capabilities: rename has_cap to has_fcap

Message ID 8d77769c458b997ac9b07363bb865415a937848e.1503459890.git.rgb@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Richard Guy Briggs Aug. 23, 2017, 10:12 a.m. UTC
Rename has_cap to has_fcap to clarify it applies to file capabilities
since the entire source file is about capabilities.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 security/commoncap.c |   20 ++++++++++----------
 1 files changed, 10 insertions(+), 10 deletions(-)

Comments

Serge E. Hallyn Aug. 24, 2017, 4:10 p.m. UTC | #1
Quoting Richard Guy Briggs (rgb@redhat.com):
> Rename has_cap to has_fcap to clarify it applies to file capabilities
> since the entire source file is about capabilities.
> 
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

> ---
>  security/commoncap.c |   20 ++++++++++----------
>  1 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 6f05ec0..028d4e4 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -339,7 +339,7 @@ int cap_inode_killpriv(struct dentry *dentry)
>  static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
>  					  struct linux_binprm *bprm,
>  					  bool *effective,
> -					  bool *has_cap)
> +					  bool *has_fcap)
>  {
>  	struct cred *new = bprm->cred;
>  	unsigned i;
> @@ -349,7 +349,7 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
>  		*effective = true;
>  
>  	if (caps->magic_etc & VFS_CAP_REVISION_MASK)
> -		*has_cap = true;
> +		*has_fcap = true;
>  
>  	CAP_FOR_EACH_U32(i) {
>  		__u32 permitted = caps->permitted.cap[i];
> @@ -438,7 +438,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data 
>   * its xattrs and, if present, apply them to the proposed credentials being
>   * constructed by execve().
>   */
> -static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_cap)
> +static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_fcap)
>  {
>  	int rc = 0;
>  	struct cpu_vfs_cap_data vcaps;
> @@ -469,7 +469,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
>  		goto out;
>  	}
>  
> -	rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap);
> +	rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_fcap);
>  	if (rc == -EINVAL)
>  		printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
>  		       __func__, rc, bprm->filename);
> @@ -481,7 +481,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
>  	return rc;
>  }
>  
> -void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effective, kuid_t root_uid)
> +void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool *effective, kuid_t root_uid)
>  {
>  	const struct cred *old = current_cred();
>  	struct cred *new = bprm->cred;
> @@ -493,7 +493,7 @@ void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effec
>  	 * for a setuid root binary run by a non-root user.  Do set it
>  	 * for a root user just to cause least surprise to an admin.
>  	 */
> -	if (has_cap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) {
> +	if (has_fcap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) {
>  		warn_setuid_and_fcaps_mixed(bprm->filename);
>  		return;
>  	}
> @@ -531,20 +531,20 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
>  {
>  	const struct cred *old = current_cred();
>  	struct cred *new = bprm->cred;
> -	bool effective = false, has_cap = false, is_setid;
> +	bool effective = false, has_fcap = false, is_setid;
>  	int ret;
>  	kuid_t root_uid;
>  
>  	if (WARN_ON(!cap_ambient_invariant_ok(old)))
>  		return -EPERM;
>  
> -	ret = get_file_caps(bprm, &effective, &has_cap);
> +	ret = get_file_caps(bprm, &effective, &has_fcap);
>  	if (ret < 0)
>  		return ret;
>  
>  	root_uid = make_kuid(new->user_ns, 0);
>  
> -	handle_privileged_root(bprm, has_cap, &effective, root_uid);
> +	handle_privileged_root(bprm, has_fcap, &effective, root_uid);
>  
>  	/* if we have fs caps, clear dangerous personality flags */
>  	if (cap_gained(permitted, new, old))
> @@ -574,7 +574,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
>  	new->sgid = new->fsgid = new->egid;
>  
>  	/* File caps or setid cancels ambient. */
> -	if (has_cap || is_setid)
> +	if (has_fcap || is_setid)
>  		cap_clear(new->cap_ambient);
>  
>  	/*
> -- 
> 1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
James Morris Aug. 25, 2017, 5:56 a.m. UTC | #2
On Wed, 23 Aug 2017, Richard Guy Briggs wrote:

> Rename has_cap to has_fcap to clarify it applies to file capabilities
> since the entire source file is about capabilities.
> 
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  security/commoncap.c |   20 ++++++++++----------
>  1 files changed, 10 insertions(+), 10 deletions(-)


Acked-by: James Morris <james.l.morris@oracle.com>
diff mbox

Patch

diff --git a/security/commoncap.c b/security/commoncap.c
index 6f05ec0..028d4e4 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -339,7 +339,7 @@  int cap_inode_killpriv(struct dentry *dentry)
 static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
 					  struct linux_binprm *bprm,
 					  bool *effective,
-					  bool *has_cap)
+					  bool *has_fcap)
 {
 	struct cred *new = bprm->cred;
 	unsigned i;
@@ -349,7 +349,7 @@  static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
 		*effective = true;
 
 	if (caps->magic_etc & VFS_CAP_REVISION_MASK)
-		*has_cap = true;
+		*has_fcap = true;
 
 	CAP_FOR_EACH_U32(i) {
 		__u32 permitted = caps->permitted.cap[i];
@@ -438,7 +438,7 @@  int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data 
  * its xattrs and, if present, apply them to the proposed credentials being
  * constructed by execve().
  */
-static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_cap)
+static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_fcap)
 {
 	int rc = 0;
 	struct cpu_vfs_cap_data vcaps;
@@ -469,7 +469,7 @@  static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
 		goto out;
 	}
 
-	rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap);
+	rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_fcap);
 	if (rc == -EINVAL)
 		printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
 		       __func__, rc, bprm->filename);
@@ -481,7 +481,7 @@  static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
 	return rc;
 }
 
-void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effective, kuid_t root_uid)
+void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool *effective, kuid_t root_uid)
 {
 	const struct cred *old = current_cred();
 	struct cred *new = bprm->cred;
@@ -493,7 +493,7 @@  void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool *effec
 	 * for a setuid root binary run by a non-root user.  Do set it
 	 * for a root user just to cause least surprise to an admin.
 	 */
-	if (has_cap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) {
+	if (has_fcap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) {
 		warn_setuid_and_fcaps_mixed(bprm->filename);
 		return;
 	}
@@ -531,20 +531,20 @@  int cap_bprm_set_creds(struct linux_binprm *bprm)
 {
 	const struct cred *old = current_cred();
 	struct cred *new = bprm->cred;
-	bool effective = false, has_cap = false, is_setid;
+	bool effective = false, has_fcap = false, is_setid;
 	int ret;
 	kuid_t root_uid;
 
 	if (WARN_ON(!cap_ambient_invariant_ok(old)))
 		return -EPERM;
 
-	ret = get_file_caps(bprm, &effective, &has_cap);
+	ret = get_file_caps(bprm, &effective, &has_fcap);
 	if (ret < 0)
 		return ret;
 
 	root_uid = make_kuid(new->user_ns, 0);
 
-	handle_privileged_root(bprm, has_cap, &effective, root_uid);
+	handle_privileged_root(bprm, has_fcap, &effective, root_uid);
 
 	/* if we have fs caps, clear dangerous personality flags */
 	if (cap_gained(permitted, new, old))
@@ -574,7 +574,7 @@  int cap_bprm_set_creds(struct linux_binprm *bprm)
 	new->sgid = new->fsgid = new->egid;
 
 	/* File caps or setid cancels ambient. */
-	if (has_cap || is_setid)
+	if (has_fcap || is_setid)
 		cap_clear(new->cap_ambient);
 
 	/*