ChangeSet 1.842.44.1, 2002/11/24 15:31:02-08:00, greg@kroah.com Merge diff -Nru a/arch/alpha/kernel/systbls.S b/arch/alpha/kernel/systbls.S --- a/arch/alpha/kernel/systbls.S Tue Nov 26 14:02:29 2002 +++ b/arch/alpha/kernel/systbls.S Tue Nov 26 14:02:29 2002 @@ -399,7 +399,7 @@ .quad sys_getdents64 .quad sys_gettid .quad sys_readahead - .quad sys_ni_syscall /* 380, sys_security */ + .quad sys_ni_syscall /* 380 */ .quad sys_tkill .quad sys_setxattr .quad sys_lsetxattr diff -Nru a/arch/arm/kernel/calls.S b/arch/arm/kernel/calls.S --- a/arch/arm/kernel/calls.S Tue Nov 26 14:02:29 2002 +++ b/arch/arm/kernel/calls.S Tue Nov 26 14:02:29 2002 @@ -237,7 +237,7 @@ /* 220 */ .long sys_madvise .long sys_fcntl64 .long sys_ni_syscall /* TUX */ - .long sys_security + .long sys_ni_syscall .long sys_gettid /* 225 */ .long sys_readahead .long sys_setxattr diff -Nru a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c --- a/arch/arm/kernel/ptrace.c Tue Nov 26 14:02:28 2002 +++ b/arch/arm/kernel/ptrace.c Tue Nov 26 14:02:28 2002 @@ -711,8 +711,7 @@ /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S --- a/arch/i386/kernel/entry.S Tue Nov 26 14:02:28 2002 +++ b/arch/i386/kernel/entry.S Tue Nov 26 14:02:28 2002 @@ -707,7 +707,7 @@ .long sys_getdents64 /* 220 */ .long sys_fcntl64 .long sys_ni_syscall /* reserved for TUX */ - .long sys_security /* reserved for Security */ + .long sys_ni_syscall .long sys_gettid .long sys_readahead /* 225 */ .long sys_setxattr diff -Nru a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c --- a/arch/i386/kernel/ptrace.c Tue Nov 26 14:02:28 2002 +++ b/arch/i386/kernel/ptrace.c Tue Nov 26 14:02:28 2002 
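Review bot: In arch/arm/kernel/calls.S the slot that held `sys_security` becomes a bare `.long sys_ni_syscall` with no comment, while the neighbouring TUX slot keeps one. A short marker such as `.long sys_ni_syscall /* was sys_security */` would tell a later reader why the number is a hole and that older binaries may still issue it. The same applies to the replaced entries in arch/i386/kernel/entry.S, arch/ia64/kernel/entry.S, arch/ppc/kernel/misc.S and arch/s390/kernel/entry.S.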
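Review bot: The folded test `if ((ret = security_ptrace(current->parent, current)))` in arch/arm/kernel/ptrace.c hides an assignment inside the condition that decides whether tracing is permitted. The two-statement form reads more plainly for an access-control check and avoids the double parentheses: `ret = security_ptrace(current->parent, current);` followed by `if (ret)`. The same pattern recurs in the other arch ptrace.c hunks and in the fs/ and ipc/ hunks of this changeset (for example `security_inode_create`, `security_sb_umount`, `security_shm_alloc`). The enclosing function starts and ends outside the hunk.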
@@ -160,8 +160,7 @@ /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/arch/ia64/kernel/entry.S b/arch/ia64/kernel/entry.S --- a/arch/ia64/kernel/entry.S Tue Nov 26 14:02:28 2002 +++ b/arch/ia64/kernel/entry.S Tue Nov 26 14:02:28 2002 @@ -1241,7 +1241,7 @@ data8 sys_futex // 1230 data8 sys_sched_setaffinity data8 sys_sched_getaffinity - data8 sys_security + data8 sys_ni_syscall data8 sys_alloc_hugepages data8 sys_free_hugepages // 1235 data8 sys_exit_group diff -Nru a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c --- a/arch/ia64/kernel/ptrace.c Tue Nov 26 14:02:29 2002 +++ b/arch/ia64/kernel/ptrace.c Tue Nov 26 14:02:29 2002 @@ -1101,8 +1101,7 @@ /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; current->ptrace |= PT_PTRACED; ret = 0; diff -Nru a/arch/ppc/kernel/misc.S b/arch/ppc/kernel/misc.S --- a/arch/ppc/kernel/misc.S Tue Nov 26 14:02:29 2002 +++ b/arch/ppc/kernel/misc.S Tue Nov 26 14:02:29 2002 @@ -1279,7 +1279,7 @@ .long sys_futex .long sys_sched_setaffinity .long sys_sched_getaffinity - .long sys_security + .long sys_ni_syscall .long sys_ni_syscall /* 225 - reserved for Tux */ .long sys_sendfile64 .long sys_io_setup diff -Nru a/arch/ppc/kernel/ptrace.c b/arch/ppc/kernel/ptrace.c --- a/arch/ppc/kernel/ptrace.c Tue Nov 26 14:02:28 2002 +++ b/arch/ppc/kernel/ptrace.c Tue Nov 26 14:02:28 2002 
@@ -166,8 +166,7 @@ /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/arch/ppc64/kernel/misc.S b/arch/ppc64/kernel/misc.S --- a/arch/ppc64/kernel/misc.S Tue Nov 26 14:02:29 2002 +++ b/arch/ppc64/kernel/misc.S Tue Nov 26 14:02:29 2002 @@ -486,6 +486,7 @@ /* XXX fix this when we optimise syscall entry to not save volatiles */ mr r6,r3 /* function */ ori r3,r5,CLONE_VM /* flags */ + oris r3,r3,(CLONE_UNTRACED>>16) li r0,__NR_clone sc cmpi 0,r3,0 /* parent or child? */ diff -Nru a/arch/ppc64/kernel/ptrace.c b/arch/ppc64/kernel/ptrace.c --- a/arch/ppc64/kernel/ptrace.c Tue Nov 26 14:02:28 2002 +++ b/arch/ppc64/kernel/ptrace.c Tue Nov 26 14:02:28 2002 @@ -59,8 +59,7 @@ /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/arch/ppc64/kernel/ptrace32.c b/arch/ppc64/kernel/ptrace32.c --- a/arch/ppc64/kernel/ptrace32.c Tue Nov 26 14:02:28 2002 +++ b/arch/ppc64/kernel/ptrace32.c Tue Nov 26 14:02:28 2002 @@ -48,8 +48,7 @@ /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S --- a/arch/s390/kernel/entry.S Tue Nov 26 14:02:28 2002 +++ b/arch/s390/kernel/entry.S Tue Nov 26 14:02:28 2002 
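Review bot: The added `oris r3,r3,(CLONE_UNTRACED>>16)` in arch/ppc64/kernel/misc.S only sets the flag if every bit of CLONE_UNTRACED lies in bits 16-31, and nothing on the line says so. If the constant's value is as assumed, a comment such as `/* CLONE_UNTRACED is in the upper 16 bits, hence oris; a tracer must not be able to force tracing onto a kernel thread */` would record both the encoding assumption and the reason for the flag. The definition of CLONE_UNTRACED is not visible in this diff, so the stated purpose should be checked against it. The surrounding routine starts and ends outside the hunk.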
@@ -588,7 +588,7 @@ .long sys_futex .long sys_sched_setaffinity .long sys_sched_getaffinity /* 240 */ - .long sys_security + .long sys_ni_syscall .long sys_ni_syscall /* reserved for TUX */ .long sys_io_setup .long sys_io_destroy diff -Nru a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c --- a/arch/s390/kernel/ptrace.c Tue Nov 26 14:02:29 2002 +++ b/arch/s390/kernel/ptrace.c Tue Nov 26 14:02:29 2002 @@ -323,8 +323,7 @@ ret = -EPERM; if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/arch/s390x/kernel/entry.S b/arch/s390x/kernel/entry.S --- a/arch/s390x/kernel/entry.S Tue Nov 26 14:02:28 2002 +++ b/arch/s390x/kernel/entry.S Tue Nov 26 14:02:28 2002 @@ -617,7 +617,7 @@ .long SYSCALL(sys_futex,sys32_futex_wrapper) .long SYSCALL(sys_sched_setaffinity,sys32_sched_setaffinity_wrapper) .long SYSCALL(sys_sched_getaffinity,sys32_sched_getaffinity_wrapper) /* 240 */ - .long SYSCALL(sys_security,sys_ni_syscall) + .long SYSCALL(sys_ni_syscall,sys_ni_syscall) .long SYSCALL(sys_ni_syscall,sys_ni_syscall) /* reserved for TUX */ .long SYSCALL(sys_io_setup,sys_ni_syscall) .long SYSCALL(sys_io_destroy,sys_ni_syscall) diff -Nru a/arch/s390x/kernel/ptrace.c b/arch/s390x/kernel/ptrace.c --- a/arch/s390x/kernel/ptrace.c Tue Nov 26 14:02:28 2002 +++ b/arch/s390x/kernel/ptrace.c Tue Nov 26 14:02:28 2002 @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -562,8 +563,7 @@ ret = -EPERM; if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c 
--- a/arch/sparc/kernel/ptrace.c Tue Nov 26 14:02:29 2002 +++ b/arch/sparc/kernel/ptrace.c Tue Nov 26 14:02:29 2002 @@ -583,10 +583,15 @@ /* PTRACE_DUMPCORE unsupported... */ - default: - pt_error_return(regs, EIO); + default: { + int err = ptrace_request(child, request, addr, data); + if (err) + pt_error_return(regs, -err); + else + pt_succ_return(regs, 0); goto out_tsk; } + } out_tsk: if (child) put_task_struct(child); @@ -603,7 +608,8 @@ return; if (!(current->ptrace & PT_PTRACED)) return; - current->exit_code = SIGTRAP; + current->exit_code = SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) + ? 0x80 : 0); current->state = TASK_STOPPED; current->thread.flags ^= MAGIC_CONSTANT; notify_parent(current, SIGCHLD); diff -Nru a/arch/sparc/kernel/systbls.S b/arch/sparc/kernel/systbls.S --- a/arch/sparc/kernel/systbls.S Tue Nov 26 14:02:28 2002 +++ b/arch/sparc/kernel/systbls.S Tue Nov 26 14:02:28 2002 @@ -49,7 +49,7 @@ /*140*/ .long sys_sendfile64, sys_nis_syscall, sys_futex, sys_gettid, sys_getrlimit /*145*/ .long sys_setrlimit, sys_pivot_root, sys_prctl, sys_pciconfig_read, sys_pciconfig_write /*150*/ .long sys_nis_syscall, sys_nis_syscall, sys_nis_syscall, sys_poll, sys_getdents64 -/*155*/ .long sys_fcntl64, sys_security, sys_statfs, sys_fstatfs, sys_oldumount +/*155*/ .long sys_fcntl64, sys_ni_syscall, sys_statfs, sys_fstatfs, sys_oldumount /*160*/ .long sys_sched_setaffinity, sys_sched_getaffinity, sys_getdomainname, sys_setdomainname, sys_nis_syscall /*165*/ .long sys_quotactl, sys_set_tid_address, sys_mount, sys_ustat, sys_setxattr /*170*/ .long sys_lsetxattr, sys_fsetxattr, sys_getxattr, sys_lgetxattr, sys_getdents diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c --- a/arch/sparc64/kernel/ptrace.c Tue Nov 26 14:02:29 2002 +++ b/arch/sparc64/kernel/ptrace.c Tue Nov 26 14:02:29 2002 
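Review bot: In the new `default:` arm of arch/sparc/kernel/ptrace.c, `pt_error_return(regs, -err)` assumes that ptrace_request() only ever returns zero or a negative errno; a positive return would reach the tracer as a negative error number. That contract is not visible in this diff, so either test `if (err < 0)` or state the assumption with a comment above the call, e.g. `/* ptrace_request() returns 0 or -errno */`. The same block is added in arch/sparc64/kernel/ptrace.c. The enclosing switch starts outside the hunk.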
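Review bot: The literal `0x80` or-ed into `current->exit_code` in the second arch/sparc/kernel/ptrace.c hunk is unexplained. A comment on the line, for example `/* 0x80 marks a syscall stop for tracers that requested PT_TRACESYSGOOD */`, would make clear that a tracer relies on this bit to tell a syscall stop from a SIGTRAP delivered for another reason. The same line is added in arch/sparc64/kernel/ptrace.c. The function body begins before the hunk.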
@@ -570,10 +570,15 @@ /* PTRACE_DUMPCORE unsupported... */ - default: - pt_error_return(regs, EIO); + default: { + int err = ptrace_request(child, request, addr, data); + if (err) + pt_error_return(regs, -err); + else + pt_succ_return(regs, 0); goto out_tsk; } + } flush_and_out: { unsigned long va; @@ -611,7 +616,8 @@ return; if (!(current->ptrace & PT_PTRACED)) return; - current->exit_code = SIGTRAP; + current->exit_code = SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) + ? 0x80 : 0); current->state = TASK_STOPPED; notify_parent(current, SIGCHLD); schedule(); diff -Nru a/arch/sparc64/kernel/sys_sparc32.c b/arch/sparc64/kernel/sys_sparc32.c --- a/arch/sparc64/kernel/sys_sparc32.c Tue Nov 26 14:02:29 2002 +++ b/arch/sparc64/kernel/sys_sparc32.c Tue Nov 26 14:02:29 2002 @@ -3026,8 +3026,7 @@ if ((retval = bprm.envc) < 0) goto out_mm; - retval = security_ops->bprm_alloc_security(&bprm); - if (retval) + if ((retval = security_bprm_alloc(&bprm))) goto out; retval = prepare_binprm(&bprm); @@ -3050,7 +3049,7 @@ retval = search_binary_handler(&bprm, regs); if (retval >= 0) { /* execve success */ - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); return retval; } @@ -3063,7 +3062,7 @@ } if (bprm.security) - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); out_mm: mmdrop(bprm.mm); diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S --- a/arch/sparc64/kernel/systbls.S Tue Nov 26 14:02:28 2002 +++ b/arch/sparc64/kernel/systbls.S Tue Nov 26 14:02:28 2002 
@@ -50,7 +50,7 @@ /*140*/ .word sys32_sendfile64, sys_nis_syscall, sys_futex, sys_gettid, sys32_getrlimit .word sys32_setrlimit, sys_pivot_root, sys32_prctl, sys32_pciconfig_read, sys32_pciconfig_write /*150*/ .word sys_nis_syscall, sys_nis_syscall, sys_nis_syscall, sys_poll, sys_getdents64 - .word sys32_fcntl64, sys_security, sys32_statfs, sys32_fstatfs, sys_oldumount + .word sys32_fcntl64, sys_ni_syscall, sys32_statfs, sys32_fstatfs, sys_oldumount /*160*/ .word sys32_sched_setaffinity, sys32_sched_getaffinity, sys_getdomainname, sys_setdomainname, sys_nis_syscall .word sys_quotactl, sys_set_tid_address, sys32_mount, sys_ustat, sys_setxattr /*170*/ .word sys_lsetxattr, sys_fsetxattr, sys_getxattr, sys_lgetxattr, sys32_getdents @@ -109,7 +109,7 @@ /*140*/ .word sys_sendfile64, sys_getpeername, sys_futex, sys_gettid, sys_getrlimit .word sys_setrlimit, sys_pivot_root, sys_prctl, sys_pciconfig_read, sys_pciconfig_write /*150*/ .word sys_getsockname, sys_nis_syscall, sys_nis_syscall, sys_poll, sys_getdents64 - .word sys_nis_syscall, sys_security, sys_statfs, sys_fstatfs, sys_oldumount + .word sys_nis_syscall, sys_ni_syscall, sys_statfs, sys_fstatfs, sys_oldumount /*160*/ .word sys_sched_setaffinity, sys_sched_getaffinity, sys_getdomainname, sys_setdomainname, sys_utrap_install .word sys_quotactl, sys_set_tid_address, sys_mount, sys_ustat, sys_setxattr /*170*/ .word sys_lsetxattr, sys_fsetxattr, sys_getxattr, sys_lgetxattr, sys_getdents diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c --- a/arch/um/kernel/sys_call_table.c Tue Nov 26 14:02:29 2002 +++ b/arch/um/kernel/sys_call_table.c Tue Nov 26 14:02:29 2002 @@ -217,7 +217,6 @@ extern syscall_handler_t sys_madvise; extern syscall_handler_t sys_fcntl64; extern syscall_handler_t sys_getdents64; -extern syscall_handler_t sys_security; extern syscall_handler_t sys_gettid; extern syscall_handler_t sys_readahead; extern syscall_handler_t sys_tkill; 
@@ -458,7 +457,6 @@ [ __NR_fstat64 ] = sys_fstat64, [ __NR_fcntl64 ] = sys_fcntl64, [ __NR_getdents64 ] = sys_getdents64, - [ __NR_security ] = sys_security, [ __NR_gettid ] = sys_gettid, [ __NR_readahead ] = sys_readahead, [ __NR_setxattr ] = sys_ni_syscall, diff -Nru a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c --- a/arch/x86_64/kernel/ptrace.c Tue Nov 26 14:02:28 2002 +++ b/arch/x86_64/kernel/ptrace.c Tue Nov 26 14:02:28 2002 @@ -178,8 +178,7 @@ /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff -Nru a/fs/attr.c b/fs/attr.c --- a/fs/attr.c Tue Nov 26 14:02:28 2002 +++ b/fs/attr.c Tue Nov 26 14:02:28 2002 @@ -157,13 +157,12 @@ return 0; if (inode->i_op && inode->i_op->setattr) { - error = security_ops->inode_setattr(dentry, attr); - if (!error) + if (!(error = security_inode_setattr(dentry, attr))) error = inode->i_op->setattr(dentry, attr); } else { error = inode_change_ok(inode, attr); if (!error) - error = security_ops->inode_setattr(dentry, attr); + error = security_inode_setattr(dentry, attr); if (!error) { if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) diff -Nru a/fs/dquot.c b/fs/dquot.c --- a/fs/dquot.c Tue Nov 26 14:02:29 2002 +++ b/fs/dquot.c Tue Nov 26 14:02:29 2002 @@ -70,6 +70,7 @@ #include #include #include +#include #include @@ -1306,8 +1307,7 @@ error = -EIO; if (!f->f_op || !f->f_op->read || !f->f_op->write) goto out_f; - error = security_ops->quota_on(f); - if (error) + if ((error = security_quota_on(f))) goto out_f; inode = f->f_dentry->d_inode; error = -EACCES; diff -Nru a/fs/exec.c b/fs/exec.c --- a/fs/exec.c Tue Nov 26 14:02:28 2002 +++ b/fs/exec.c Tue Nov 26 14:02:28 2002 
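Review bot: Deleting `[ __NR_security ] = sys_security,` from the designated-initializer table in arch/um/kernel/sys_call_table.c leaves that index without an explicit handler, whereas the other architectures in this changeset put `sys_ni_syscall` in the slot. Unless a range initializer outside the hunk fills the table first, the entry defaults to a null pointer and a process issuing that syscall number would make the dispatcher call through it. Since `__NR_security` is removed from the headers here, a numeric entry such as `[ 223 ] = sys_ni_syscall,` (223 being the i386 number, if that is the one UML uses) would keep the slot safe. The table starts and ends outside the hunk.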
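Review bot: The two branches in the fs/attr.c hunk call `security_inode_setattr` at different points relative to the ordinary permission check, and nothing documents why. In the `else` branch the hook runs after `inode_change_ok` succeeds, while in the `i_op->setattr` branch it runs before the filesystem method, which presumably performs its own check. A comment above the first branch, e.g. `/* the filesystem's setattr is expected to do its own inode_change_ok(); the security hook is consulted first */`, would make the intended ordering explicit. The hunk also mixes the folded `if (!(error = ...))` form with the two-step form a few lines later; one style throughout would read better.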
@@ -44,6 +44,7 @@ #include #include #include +#include #include #include @@ -840,8 +841,7 @@ } /* fill in binprm security blob */ - retval = security_ops->bprm_set_security(bprm); - if (retval) + if ((retval = security_bprm_set(bprm))) return retval; memset(bprm->buf,0,BINPRM_BUF_SIZE); @@ -889,7 +889,7 @@ if(do_unlock) unlock_kernel(); - security_ops->bprm_compute_creds(bprm); + security_bprm_compute_creds(bprm); } void remove_arg_zero(struct linux_binprm *bprm) @@ -958,8 +958,7 @@ } } #endif - retval = security_ops->bprm_check_security(bprm); - if (retval) + if ((retval = security_bprm_check(bprm))) return retval; /* kernel module loader fixup */ @@ -1055,8 +1054,7 @@ if ((retval = bprm.envc) < 0) goto out_mm; - retval = security_ops->bprm_alloc_security(&bprm); - if (retval) + if ((retval = security_bprm_alloc(&bprm))) goto out; retval = prepare_binprm(&bprm); @@ -1081,7 +1079,7 @@ free_arg_pages(&bprm); /* execve success */ - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); return retval; } @@ -1094,7 +1092,7 @@ } if (bprm.security) - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); out_mm: mmdrop(bprm.mm); diff -Nru a/fs/file_table.c b/fs/file_table.c --- a/fs/file_table.c Tue Nov 26 14:02:28 2002 +++ b/fs/file_table.c Tue Nov 26 14:02:28 2002 @@ -46,7 +46,7 @@ files_stat.nr_free_files--; new_one: memset(f, 0, sizeof(*f)); - if (security_ops->file_alloc_security(f)) { + if (security_file_alloc(f)) { list_add(&f->f_list, &free_list); files_stat.nr_free_files++; file_list_unlock(); @@ -134,7 +134,7 @@ if (file->f_op && file->f_op->release) file->f_op->release(inode, file); - security_ops->file_free_security(file); + security_file_free(file); fops_put(file->f_op); if (file->f_mode & FMODE_WRITE) put_write_access(inode); 
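Review bot: `if (security_file_alloc(f))` in fs/file_table.c tests the hook's result only for truth and discards the error code, as do `security_inode_alloc(inode)` in fs/inode.c and `security_sb_alloc(s)` in fs/super.c. What the callers return afterwards lies outside these hunks, but in fs/super.c the visible path sets `s = NULL`, so an allocation failure and a policy refusal look the same to the caller. A one-line comment at each site, such as `/* hook error code is not propagated; caller only sees allocation failure */`, would record that this is deliberate.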
@@ -167,7 +167,7 @@ void put_filp(struct file *file) { if(atomic_dec_and_test(&file->f_count)) { - security_ops->file_free_security(file); + security_file_free(file); file_list_lock(); list_del(&file->f_list); list_add(&file->f_list, &free_list); diff -Nru a/fs/inode.c b/fs/inode.c --- a/fs/inode.c Tue Nov 26 14:02:29 2002 +++ b/fs/inode.c Tue Nov 26 14:02:29 2002 @@ -119,7 +119,7 @@ inode->i_bdev = NULL; inode->i_cdev = NULL; inode->i_security = NULL; - if (security_ops->inode_alloc_security(inode)) { + if (security_inode_alloc(inode)) { if (inode->i_sb->s_op->destroy_inode) inode->i_sb->s_op->destroy_inode(inode); else @@ -145,7 +145,7 @@ { if (inode_has_buffers(inode)) BUG(); - security_ops->inode_free_security(inode); + security_inode_free(inode); if (inode->i_sb->s_op->destroy_inode) inode->i_sb->s_op->destroy_inode(inode); else @@ -935,7 +935,7 @@ if (inode->i_data.nrpages) truncate_inode_pages(&inode->i_data, 0); - security_ops->inode_delete(inode); + security_inode_delete(inode); if (op && op->delete_inode) { void (*delete)(struct inode *) = op->delete_inode; diff -Nru a/fs/locks.c b/fs/locks.c --- a/fs/locks.c Tue Nov 26 14:02:29 2002 +++ b/fs/locks.c Tue Nov 26 14:02:29 2002 @@ -122,6 +122,7 @@ #include #include #include +#include #include #include @@ -1184,8 +1185,7 @@ return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; - error = security_ops->file_lock(filp, arg); - if (error) + if ((error = security_file_lock(filp, arg))) return error; lock_kernel(); @@ -1298,8 +1298,7 @@ if (error) goto out_putf; - error = security_ops->file_lock(filp, cmd); - if (error) + if ((error = security_file_lock(filp, cmd))) goto out_free; for (;;) { @@ -1450,8 +1449,7 @@ goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type); - if (error) + if ((error = security_file_lock(filp, file_lock->fl_type))) goto out; if (filp->f_op && filp->f_op->lock != NULL) { 
@@ -1590,8 +1588,7 @@ goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type); - if (error) + if ((error = security_file_lock(filp, file_lock->fl_type))) goto out; if (filp->f_op && filp->f_op->lock != NULL) { diff -Nru a/fs/namei.c b/fs/namei.c --- a/fs/namei.c Tue Nov 26 14:02:28 2002 +++ b/fs/namei.c Tue Nov 26 14:02:28 2002 @@ -218,7 +218,7 @@ if (retval) return retval; - return security_ops->inode_permission(inode, mask); + return security_inode_permission(inode, mask); } /* @@ -340,7 +340,7 @@ return -EACCES; ok: - return security_ops->inode_permission_lite(inode, MAY_EXEC); + return security_inode_permission_lite(inode, MAY_EXEC); } /* @@ -374,7 +374,7 @@ dput(dentry); else { result = dentry; - security_ops->inode_post_lookup(dir, result); + security_inode_post_lookup(dir, result); } } up(&dir->i_sem); @@ -413,8 +413,7 @@ current->state = TASK_RUNNING; schedule(); } - err = security_ops->inode_follow_link(dentry, nd); - if (err) + if ((err = security_inode_follow_link(dentry, nd))) goto loop; current->link_count++; current->total_link_count++; @@ -918,7 +917,7 @@ dentry = inode->i_op->lookup(inode, new); if (!dentry) { dentry = new; - security_ops->inode_post_lookup(inode, dentry); + security_inode_post_lookup(inode, dentry); } else dput(new); } @@ -1125,14 +1124,13 @@ return -EACCES; /* shouldn't it be ENOSYS? */ mode &= S_IALLUGO; mode |= S_IFREG; - error = security_ops->inode_create(dir, dentry, mode); - if (error) + if ((error = security_inode_create(dir, dentry, mode))) return error; DQUOT_INIT(dir); error = dir->i_op->create(dir, dentry, mode); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_create(dir, dentry, mode); + security_inode_post_create(dir, dentry, mode); } return error; } 
@@ -1345,8 +1343,7 @@ * stored in nd->last.name and we will have to putname() it when we * are done. Procfs-like symlinks just set LAST_BIND. */ - error = security_ops->inode_follow_link(dentry, nd); - if (error) + if ((error = security_inode_follow_link(dentry, nd))) goto exit_dput; UPDATE_ATIME(dentry->d_inode); error = dentry->d_inode->i_op->follow_link(dentry, nd); @@ -1411,15 +1408,14 @@ if (!dir->i_op || !dir->i_op->mknod) return -EPERM; - error = security_ops->inode_mknod(dir, dentry, mode, dev); - if (error) + if ((error = security_inode_mknod(dir, dentry, mode, dev))) return error; DQUOT_INIT(dir); error = dir->i_op->mknod(dir, dentry, mode, dev); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_mknod(dir, dentry, mode, dev); + security_inode_post_mknod(dir, dentry, mode, dev); } return error; } @@ -1480,15 +1476,14 @@ return -EPERM; mode &= (S_IRWXUGO|S_ISVTX); - error = security_ops->inode_mkdir(dir, dentry, mode); - if (error) + if ((error = security_inode_mkdir(dir, dentry, mode))) return error; DQUOT_INIT(dir); error = dir->i_op->mkdir(dir, dentry, mode); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_mkdir(dir,dentry, mode); + security_inode_post_mkdir(dir,dentry, mode); } return error; } @@ -1573,8 +1568,7 @@ if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_ops->inode_rmdir(dir, dentry); - if (!error) { + if (!(error = security_inode_rmdir(dir, dentry))) { error = dir->i_op->rmdir(dir, dentry); if (!error) dentry->d_inode->i_flags |= S_DEAD; @@ -1647,10 +1641,8 @@ if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_ops->inode_unlink(dir, dentry); - if (!error) { + if (!(error = security_inode_unlink(dir, dentry))) error = dir->i_op->unlink(dir, dentry); - } } up(&dentry->d_inode->i_sem); if (!error) { 
@@ -1712,15 +1704,14 @@ if (!dir->i_op || !dir->i_op->symlink) return -EPERM; - error = security_ops->inode_symlink(dir, dentry, oldname); - if (error) + if ((error = security_inode_symlink(dir, dentry, oldname))) return error; DQUOT_INIT(dir); error = dir->i_op->symlink(dir, dentry, oldname); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_symlink(dir, dentry, oldname); + security_inode_post_symlink(dir, dentry, oldname); } return error; } @@ -1783,8 +1774,7 @@ if (S_ISDIR(old_dentry->d_inode->i_mode)) return -EPERM; - error = security_ops->inode_link(old_dentry, dir, new_dentry); - if (error) + if ((error = security_inode_link(old_dentry, dir, new_dentry))) return error; down(&old_dentry->d_inode->i_sem); @@ -1793,7 +1783,7 @@ up(&old_dentry->d_inode->i_sem); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_link(old_dentry, dir, new_dentry); + security_inode_post_link(old_dentry, dir, new_dentry); } return error; } @@ -1892,8 +1882,7 @@ return error; } - error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry); - if (error) + if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry))) return error; target = new_dentry->d_inode; @@ -1915,8 +1904,8 @@ } if (!error) { d_move(old_dentry,new_dentry); - security_ops->inode_post_rename(old_dir, old_dentry, - new_dir, new_dentry); + security_inode_post_rename(old_dir, old_dentry, + new_dir, new_dentry); } return error; } @@ -1927,8 +1916,7 @@ struct inode *target; int error; - error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry); - if (error) + if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry))) return error; dget(new_dentry); 
@@ -1943,7 +1931,7 @@ /* The following d_move() should become unconditional */ if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) d_move(old_dentry, new_dentry); - security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry); + security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry); } if (target) up(&target->i_sem); diff -Nru a/fs/namespace.c b/fs/namespace.c --- a/fs/namespace.c Tue Nov 26 14:02:29 2002 +++ b/fs/namespace.c Tue Nov 26 14:02:29 2002 @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -288,8 +289,7 @@ struct super_block * sb = mnt->mnt_sb; int retval = 0; - retval = security_ops->sb_umount(mnt, flags); - if (retval) + if ((retval = security_sb_umount(mnt, flags))) return retval; /* @@ -341,7 +341,7 @@ DQUOT_OFF(sb); acct_auto_close(sb); unlock_kernel(); - security_ops->sb_umount_close(mnt); + security_sb_umount_close(mnt); spin_lock(&dcache_lock); } retval = -EBUSY; @@ -352,7 +352,7 @@ } spin_unlock(&dcache_lock); if (retval) - security_ops->sb_umount_busy(mnt); + security_sb_umount_busy(mnt); up_write(¤t->namespace->sem); return retval; } @@ -470,8 +470,7 @@ if (IS_DEADDIR(nd->dentry->d_inode)) goto out_unlock; - err = security_ops->sb_check_sb(mnt, nd); - if (err) + if ((err = security_sb_check_sb(mnt, nd))) goto out_unlock; spin_lock(&dcache_lock); @@ -487,7 +486,7 @@ out_unlock: up(&nd->dentry->d_inode->i_sem); if (!err) - security_ops->sb_post_addmount(mnt, nd); + security_sb_post_addmount(mnt, nd); return err; } @@ -558,7 +557,7 @@ nd->mnt->mnt_flags=mnt_flags; up_write(&sb->s_umount); if (!err) - security_ops->sb_post_remount(nd->mnt, flags, data); + security_sb_post_remount(nd->mnt, flags, data); return err; } @@ -741,8 +740,7 @@ if (retval) return retval; - retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page); - if (retval) + if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page))) goto dput_out; if (flags & MS_REMOUNT) 
@@ -987,8 +985,7 @@ if (error) goto out1; - error = security_ops->sb_pivotroot(&old_nd, &new_nd); - if (error) { + if ((error = security_sb_pivotroot(&old_nd, &new_nd))) { path_release(&old_nd); goto out1; } @@ -1037,7 +1034,7 @@ attach_mnt(new_nd.mnt, &root_parent); spin_unlock(&dcache_lock); chroot_fs_refs(&user_nd, &new_nd); - security_ops->sb_post_pivotroot(&user_nd, &new_nd); + security_sb_post_pivotroot(&user_nd, &new_nd); error = 0; path_release(&root_parent); path_release(&parent_nd); diff -Nru a/fs/open.c b/fs/open.c --- a/fs/open.c Tue Nov 26 14:02:28 2002 +++ b/fs/open.c Tue Nov 26 14:02:28 2002 @@ -31,8 +31,7 @@ retval = -ENOSYS; if (sb->s_op && sb->s_op->statfs) { memset(buf, 0, sizeof(struct statfs)); - retval = security_ops->sb_statfs(sb); - if (retval) + if ((retval = security_sb_statfs(sb))) return retval; retval = sb->s_op->statfs(sb, buf); } diff -Nru a/fs/proc/base.c b/fs/proc/base.c --- a/fs/proc/base.c Tue Nov 26 14:02:28 2002 +++ b/fs/proc/base.c Tue Nov 26 14:02:29 2002 @@ -30,6 +30,7 @@ #include #include #include +#include /* * For hysterical raisins we keep the same inumbers as in the old procfs. @@ -420,7 +421,7 @@ }; #define MAY_PTRACE(p) \ -(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0)) +(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0)) static int mem_open(struct inode* inode, struct file* file) diff -Nru a/fs/read_write.c b/fs/read_write.c --- a/fs/read_write.c Tue Nov 26 14:02:29 2002 +++ b/fs/read_write.c Tue Nov 26 14:02:29 2002 @@ -193,8 +193,7 @@ ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count); if (!ret) { - ret = security_ops->file_permission (file, MAY_READ); - if (!ret) { + if (!(ret = security_file_permission (file, MAY_READ))) { if (file->f_op->read) ret = file->f_op->read(file, buf, count, pos); else 
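Review bot: `MAY_PTRACE(p)` in fs/proc/base.c is a function-like macro that expands its argument five times without parenthesising it, and the whole permission test sits on one unspaced line. Because this expression gates a permission decision that now includes `security_ptrace(current,p)`, a static inline helper would give type checking, single evaluation and a readable short-circuit order; the macro can stay as a thin wrapper so callers are untouched. The callers are outside the hunk.

```c
static inline int may_ptrace(struct task_struct *p)
{
	if (p == current)
		return 1;
	return p->parent == current &&
	       (p->ptrace & PT_PTRACED) &&
	       p->state == TASK_STOPPED &&
	       security_ptrace(current, p) == 0;
}

#define MAY_PTRACE(p) may_ptrace(p)
```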
@@ -233,8 +232,7 @@ ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count); if (!ret) { - ret = security_ops->file_permission (file, MAY_WRITE); - if (!ret) { + if (!(ret = security_file_permission (file, MAY_WRITE))) { if (file->f_op->write) ret = file->f_op->write(file, buf, count, pos); else diff -Nru a/fs/stat.c b/fs/stat.c --- a/fs/stat.c Tue Nov 26 14:02:28 2002 +++ b/fs/stat.c Tue Nov 26 14:02:28 2002 @@ -38,8 +38,7 @@ struct inode *inode = dentry->d_inode; int retval; - retval = security_ops->inode_getattr(mnt, dentry); - if (retval) + if ((retval = security_inode_getattr(mnt, dentry))) return retval; if (inode->i_op->getattr) @@ -242,8 +241,7 @@ error = -EINVAL; if (inode->i_op && inode->i_op->readlink) { - error = security_ops->inode_readlink(nd.dentry); - if (!error) { + if (!(error = security_inode_readlink(nd.dentry))) { UPDATE_ATIME(inode); error = inode->i_op->readlink(nd.dentry, buf, bufsiz); } diff -Nru a/fs/super.c b/fs/super.c --- a/fs/super.c Tue Nov 26 14:02:28 2002 +++ b/fs/super.c Tue Nov 26 14:02:28 2002 @@ -29,9 +29,9 @@ #include #include /* for fsync_super() */ #include +#include #include -#include void get_filesystem(struct file_system_type *fs); void put_filesystem(struct file_system_type *fs); @@ -51,7 +51,7 @@ struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER); if (s) { memset(s, 0, sizeof(struct super_block)); - if (security_ops->sb_alloc_security(s)) { + if (security_sb_alloc(s)) { kfree(s); s = NULL; goto out; @@ -85,7 +85,7 @@ */ static inline void destroy_super(struct super_block *s) { - security_ops->sb_free_security(s); + security_sb_free(s); kfree(s); } diff -Nru a/include/asm-alpha/unistd.h b/include/asm-alpha/unistd.h --- a/include/asm-alpha/unistd.h Tue Nov 26 14:02:28 2002 +++ b/include/asm-alpha/unistd.h Tue Nov 26 14:02:28 2002 
@@ -317,7 +317,7 @@ #define __NR_getdents64 377 #define __NR_gettid 378 #define __NR_readahead 379 -#define __NR_security 380 /* syscall for security modules */ +/* 380 is unused */ #define __NR_tkill 381 #define __NR_setxattr 382 #define __NR_lsetxattr 383 diff -Nru a/include/asm-i386/unistd.h b/include/asm-i386/unistd.h --- a/include/asm-i386/unistd.h Tue Nov 26 14:02:29 2002 +++ b/include/asm-i386/unistd.h Tue Nov 26 14:02:29 2002 @@ -227,7 +227,7 @@ #define __NR_madvise1 219 /* delete when C lib stub is removed */ #define __NR_getdents64 220 #define __NR_fcntl64 221 -#define __NR_security 223 /* syscall for security modules */ +/* 223 is unused */ #define __NR_gettid 224 #define __NR_readahead 225 #define __NR_setxattr 226 diff -Nru a/include/asm-ia64/unistd.h b/include/asm-ia64/unistd.h --- a/include/asm-ia64/unistd.h Tue Nov 26 14:02:28 2002 +++ b/include/asm-ia64/unistd.h Tue Nov 26 14:02:28 2002 @@ -222,7 +222,7 @@ #define __NR_futex 1230 #define __NR_sched_setaffinity 1231 #define __NR_sched_getaffinity 1232 -#define __NR_security 1233 +/* 1233 currently unused */ #define __NR_alloc_hugepages 1234 #define __NR_free_hugepages 1235 #define __NR_exit_group 1236 diff -Nru a/include/asm-ppc/unistd.h b/include/asm-ppc/unistd.h --- a/include/asm-ppc/unistd.h Tue Nov 26 14:02:28 2002 +++ b/include/asm-ppc/unistd.h Tue Nov 26 14:02:28 2002 @@ -228,7 +228,7 @@ #define __NR_futex 221 #define __NR_sched_setaffinity 222 #define __NR_sched_getaffinity 223 -#define __NR_security 224 +/* 224 currently unused */ #define __NR_tuxcall 225 #define __NR_sendfile64 226 #define __NR_io_setup 227 diff -Nru a/include/asm-ppc64/unistd.h b/include/asm-ppc64/unistd.h --- a/include/asm-ppc64/unistd.h Tue Nov 26 14:02:28 2002 +++ b/include/asm-ppc64/unistd.h Tue Nov 26 14:02:28 2002 
@@ -233,7 +233,7 @@ #define __NR_futex 221 #define __NR_sched_setaffinity 222 #define __NR_sched_getaffinity 223 -#define __NR_security 224 +/* 224 currently unused */ #define __NR_tuxcall 225 #define __NR_sendfile64 226 #define __NR_io_setup 227 diff -Nru a/include/asm-s390/unistd.h b/include/asm-s390/unistd.h --- a/include/asm-s390/unistd.h Tue Nov 26 14:02:29 2002 +++ b/include/asm-s390/unistd.h Tue Nov 26 14:02:29 2002 @@ -231,7 +231,9 @@ #define __NR_futex 238 #define __NR_sched_setaffinity 239 #define __NR_sched_getaffinity 240 -#define __NR_security 241 /* syscall for security modules */ +/* + * Number 241 is currently unused + */ /* * Number 242 is reserved for tux */ diff -Nru a/include/asm-s390x/unistd.h b/include/asm-s390x/unistd.h --- a/include/asm-s390x/unistd.h Tue Nov 26 14:02:29 2002 +++ b/include/asm-s390x/unistd.h Tue Nov 26 14:02:29 2002 @@ -198,7 +198,9 @@ #define __NR_futex 238 #define __NR_sched_setaffinity 239 #define __NR_sched_getaffinity 240 -#define __NR_security 241 /* syscall for security modules */ +/* + * Number 241 is currently unused + */ /* * Number 242 is reserved for tux */ diff -Nru a/include/asm-sparc/unistd.h b/include/asm-sparc/unistd.h --- a/include/asm-sparc/unistd.h Tue Nov 26 14:02:28 2002 +++ b/include/asm-sparc/unistd.h Tue Nov 26 14:02:28 2002 @@ -171,7 +171,7 @@ #define __NR_poll 153 /* Common */ #define __NR_getdents64 154 /* Linux specific */ #define __NR_fcntl64 155 /* Linux sparc32 Specific */ -#define __NR_security 156 /* getdirentries under SunOS */ +/* #define __NR_getdirentires 156 SunOS Specific */ #define __NR_statfs 157 /* Common */ #define __NR_fstatfs 158 /* Common */ #define __NR_umount 159 /* Common */ diff -Nru a/include/asm-sparc64/unistd.h b/include/asm-sparc64/unistd.h --- a/include/asm-sparc64/unistd.h Tue Nov 26 14:02:28 2002 +++ b/include/asm-sparc64/unistd.h Tue Nov 26 14:02:28 2002 
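Review bot: The commented-out define added in include/asm-sparc/unistd.h misspells the name as `__NR_getdirentires`; the matching line in include/asm-sparc64/unistd.h has `__NR_getdirentries`. The line should read `/* #define __NR_getdirentries 156 SunOS Specific */` so that a search for the syscall name finds both headers.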
@@ -171,7 +171,7 @@ #define __NR_poll 153 /* Common */ #define __NR_getdents64 154 /* Linux specific */ /* #define __NR_fcntl64 155 Linux sparc32 Specific */ -#define __NR_security 156 /* getdirentries under SunOS */ +/* #define __NR_getdirentries 156 SunOS Specific */ #define __NR_statfs 157 /* Common */ #define __NR_fstatfs 158 /* Common */ #define __NR_umount 159 /* Common */ diff -Nru a/include/linux/sched.h b/include/linux/sched.h --- a/include/linux/sched.h Tue Nov 26 14:02:28 2002 +++ b/include/linux/sched.h Tue Nov 26 14:02:28 2002 @@ -539,9 +539,9 @@ : on_sig_stack(sp) ? SS_ONSTACK : 0); } -/* capable prototype and code moved to security.[hc] */ -#include -#if 0 + +#ifndef CONFIG_SECURITY +/* capable prototype and code are in security.[hc] if CONFIG_SECURITY */ static inline int capable(int cap) { if (cap_raised(current->cap_effective, cap)) { @@ -550,7 +550,7 @@ } return 0; } -#endif /* if 0 */ +#endif /* * Routines for handling mm_structs diff -Nru a/init/do_mounts.c b/init/do_mounts.c --- a/init/do_mounts.c Tue Nov 26 14:02:28 2002 +++ b/init/do_mounts.c Tue Nov 26 14:02:28 2002 @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -887,7 +888,7 @@ sys_umount("/dev", 0); sys_mount(".", "/", NULL, MS_MOVE, NULL); sys_chroot("."); - security_ops->sb_post_mountroot(); + security_sb_post_mountroot(); mount_devfs_fs (); } diff -Nru a/ipc/msg.c b/ipc/msg.c --- a/ipc/msg.c Tue Nov 26 14:02:28 2002 +++ b/ipc/msg.c Tue Nov 26 14:02:28 2002 @@ -101,15 +101,14 @@ msq->q_perm.key = key; msq->q_perm.security = NULL; - retval = security_ops->msg_queue_alloc_security(msq); - if (retval) { + if ((retval = security_msg_queue_alloc(msq))) { ipc_rcu_free(msq, sizeof(*msq)); return retval; } id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni); if(id == -1) { - security_ops->msg_queue_free_security(msq); + security_msg_queue_free(msq); ipc_rcu_free(msq, sizeof(*msq)); return -ENOSPC; } 
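Review bot: The rewritten check in the ipc/msg.c hunk, `if ((retval = security_msg_queue_alloc(msq))) {`, folds the assignment into the condition, which is easier to misread as a comparison than the two-statement form it replaces. Since these are the points where a security hook can veto an operation, I would keep them explicit: `retval = security_msg_queue_alloc(msq);` followed by `if (retval) {`. The same pattern is introduced in the ipc/sem.c, ipc/shm.c, kernel/fork.c, kernel/sched.c, kernel/signal.c, kernel/sys.c, mm/mmap.c and mm/mprotect.c hunks. The enclosing function starts and ends outside this hunk.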
@@ -281,7 +280,7 @@ free_msg(msg); } atomic_sub(msq->q_cbytes, &msg_bytes); - security_ops->msg_queue_free_security(msq); + security_msg_queue_free(msq); ipc_rcu_free(msq, sizeof(struct msg_queue)); } diff -Nru a/ipc/sem.c b/ipc/sem.c --- a/ipc/sem.c Tue Nov 26 14:02:28 2002 +++ b/ipc/sem.c Tue Nov 26 14:02:28 2002 @@ -136,15 +136,14 @@ sma->sem_perm.key = key; sma->sem_perm.security = NULL; - retval = security_ops->sem_alloc_security(sma); - if (retval) { + if ((retval = security_sem_alloc(sma))) { ipc_rcu_free(sma, size); return retval; } id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni); if(id == -1) { - security_ops->sem_free_security(sma); + security_sem_free(sma); ipc_rcu_free(sma, size); return -ENOSPC; } @@ -427,7 +426,7 @@ used_sems -= sma->sem_nsems; size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem); - security_ops->sem_free_security(sma); + security_sem_free(sma); ipc_rcu_free(sma, size); } diff -Nru a/ipc/shm.c b/ipc/shm.c --- a/ipc/shm.c Tue Nov 26 14:02:28 2002 +++ b/ipc/shm.c Tue Nov 26 14:02:28 2002 @@ -116,7 +116,7 @@ if (!is_file_hugepages(shp->shm_file)) shmem_lock(shp->shm_file, 0); fput (shp->shm_file); - security_ops->shm_free_security(shp); + security_shm_free(shp); ipc_rcu_free(shp, sizeof(struct shmid_kernel)); } @@ -188,8 +188,7 @@ shp->shm_flags = (shmflg & S_IRWXUGO); shp->shm_perm.security = NULL; - error = security_ops->shm_alloc_security(shp); - if (error) { + if ((error = security_shm_alloc(shp))) { ipc_rcu_free(shp, sizeof(*shp)); return error; } @@ -229,7 +228,7 @@ no_id: fput(file); no_file: - security_ops->shm_free_security(shp); + security_shm_free(shp); ipc_rcu_free(shp, sizeof(*shp)); return error; } diff -Nru a/ipc/util.c b/ipc/util.c --- a/ipc/util.c Tue Nov 26 14:02:28 2002 +++ b/ipc/util.c Tue Nov 26 14:02:28 2002 
@@ -364,7 +364,7 @@ !capable(CAP_IPC_OWNER)) return -1; - return security_ops->ipc_permission(ipcp, flag); + return security_ipc_permission(ipcp, flag); } /* diff -Nru a/kernel/capability.c b/kernel/capability.c --- a/kernel/capability.c Tue Nov 26 14:02:28 2002 +++ b/kernel/capability.c Tue Nov 26 14:02:28 2002 @@ -8,6 +8,7 @@ */ #include +#include #include unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ @@ -63,7 +64,7 @@ } else target = current; - ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted); + ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted); out: read_unlock(&tasklist_lock); @@ -88,7 +89,7 @@ do_each_thread(g, target) { if (target->pgrp != pgrp) continue; - security_ops->capset_set(target, effective, inheritable, permitted); + security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target); } @@ -105,7 +106,7 @@ do_each_thread(g, target) { if (target == current || target->pid == 1) continue; - security_ops->capset_set(target, effective, inheritable, permitted); + security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target); } @@ -163,7 +164,7 @@ ret = -EPERM; - if (security_ops->capset_check(target, &effective, &inheritable, &permitted)) + if (security_capset_check(target, &effective, &inheritable, &permitted)) goto out; if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable, @@ -190,7 +191,7 @@ else /* all procs in process group */ cap_set_pg(-pid, &effective, &inheritable, &permitted); } else { - security_ops->capset_set(target, &effective, &inheritable, &permitted); + security_capset_set(target, &effective, &inheritable, &permitted); } out: diff -Nru a/kernel/exit.c b/kernel/exit.c --- a/kernel/exit.c Tue Nov 26 14:02:29 2002 +++ b/kernel/exit.c Tue Nov 26 14:02:29 2002 
@@ -68,7 +68,7 @@ wait_task_inactive(p); atomic_dec(&p->user->processes); - security_ops->task_free_security(p); + security_task_free(p); free_uid(p->user); write_lock_irq(&tasklist_lock); if (unlikely(p->ptrace)) @@ -249,7 +249,7 @@ /* cpus_allowed? */ /* rt_priority? */ /* signals? */ - security_ops->task_reparent_to_init(current); + security_task_reparent_to_init(current); memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim))); current->user = INIT_USER; @@ -787,7 +787,7 @@ if (current->tgid != p->tgid && delay_group_leader(p)) return 2; - if (security_ops->task_wait(p)) + if (security_task_wait(p)) return 0; return 1; diff -Nru a/kernel/fork.c b/kernel/fork.c --- a/kernel/fork.c Tue Nov 26 14:02:28 2002 +++ b/kernel/fork.c Tue Nov 26 14:02:28 2002 @@ -717,8 +717,7 @@ if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD)) return ERR_PTR(-EINVAL); - retval = security_ops->task_create(clone_flags); - if (retval) + if ((retval = security_task_create(clone_flags))) goto fork_out; retval = -ENOMEM; @@ -811,7 +810,7 @@ p->core_waiter = 0; retval = -ENOMEM; - if (security_ops->task_alloc_security(p)) + if (security_task_alloc(p)) goto bad_fork_cleanup; /* copy all the process information */ if (copy_semundo(clone_flags, p)) @@ -964,7 +963,7 @@ bad_fork_cleanup_semundo: exit_semundo(p); bad_fork_cleanup_security: - security_ops->task_free_security(p); + security_task_free(p); bad_fork_cleanup: if (p->pid > 0) free_pidmap(p->pid); diff -Nru a/kernel/kmod.c b/kernel/kmod.c --- a/kernel/kmod.c Tue Nov 26 14:02:28 2002 +++ b/kernel/kmod.c Tue Nov 26 14:02:28 2002 @@ -29,6 +29,7 @@ #include #include #include +#include #include #include @@ -134,7 +135,7 @@ /* Give kmod all effective privileges.. */ curtask->euid = curtask->fsuid = 0; curtask->egid = curtask->fsgid = 0; - security_ops->task_kmod_set_label(); + security_task_kmod_set_label(); /* Allow execve args to be in kernel space. */ set_fs(KERNEL_DS); diff -Nru a/kernel/ptrace.c b/kernel/ptrace.c 
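Review bot: In the kernel/fork.c hunk at -811, the result of `security_task_alloc(p)` is only tested, so whatever error the hook returns is replaced by the `-ENOMEM` assigned on the line before. The `security_task_create()` call one hunk earlier does propagate the hook's value, and the two should probably agree so that a policy refusal is not reported to the caller as memory exhaustion. One way is `retval = security_task_alloc(p);` then `if (retval) goto bad_fork_cleanup;`, followed by `retval = -ENOMEM;` for the copy steps that presumably still rely on it. The function begins and ends outside the hunk, so that last part needs checking against the full body.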
--- a/kernel/ptrace.c Tue Nov 26 14:02:29 2002 +++ b/kernel/ptrace.c Tue Nov 26 14:02:29 2002 @@ -248,3 +248,72 @@ } return copied; } + +static int ptrace_setoptions(struct task_struct *child, long data) +{ + if (data & PTRACE_O_TRACESYSGOOD) + child->ptrace |= PT_TRACESYSGOOD; + else + child->ptrace &= ~PT_TRACESYSGOOD; + + if (data & PTRACE_O_TRACEFORK) + child->ptrace |= PT_TRACE_FORK; + else + child->ptrace &= ~PT_TRACE_FORK; + + if (data & PTRACE_O_TRACEVFORK) + child->ptrace |= PT_TRACE_VFORK; + else + child->ptrace &= ~PT_TRACE_VFORK; + + if (data & PTRACE_O_TRACECLONE) + child->ptrace |= PT_TRACE_CLONE; + else + child->ptrace &= ~PT_TRACE_CLONE; + + if (data & PTRACE_O_TRACEEXEC) + child->ptrace |= PT_TRACE_EXEC; + else + child->ptrace &= ~PT_TRACE_EXEC; + + if ((data & (PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK + | PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE + | PTRACE_O_TRACEEXEC)) + != data) + return -EINVAL; + + return 0; +} + +int ptrace_request(struct task_struct *child, long request, + long addr, long data) +{ + int ret = -EIO; + + switch (request) { +#ifdef PTRACE_OLDSETOPTIONS + case PTRACE_OLDSETOPTIONS: +#endif + case PTRACE_SETOPTIONS: + ret = ptrace_setoptions(child, data); + break; + case PTRACE_GETEVENTMSG: + ret = put_user(child->ptrace_message, (unsigned long *) data); + break; + default: + break; + } + + return ret; +} + +void ptrace_notify(int exit_code) +{ + BUG_ON (!(current->ptrace & PT_PTRACED)); + + /* Let the debugger run. */ + current->exit_code = exit_code; + set_current_state(TASK_STOPPED); + notify_parent(current, SIGCHLD); + schedule(); +} diff -Nru a/kernel/sched.c b/kernel/sched.c --- a/kernel/sched.c Tue Nov 26 14:02:29 2002 +++ b/kernel/sched.c Tue Nov 26 14:02:29 2002 @@ -1348,8 +1348,7 @@ if (nice > 19) nice = 19; - retval = security_ops->task_setnice(current, nice); - if (retval) + if ((retval = security_task_setnice(current, nice))) return retval; set_user_nice(current, nice); 
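Review bot: `ptrace_setoptions()` in the kernel/ptrace.c hunk updates the option bits in `child->ptrace` before it checks `data` for unknown bits, so a request that is rejected with `-EINVAL` has still changed the tracee's options. Testing first keeps a failed call free of side effects: `if (data & ~(PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC)) return -EINVAL;` at the top of the function, with the trailing check removed. If existing tracers are known to depend on the partial update, a comment stating that would do instead.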
@@ -1470,8 +1469,7 @@ !capable(CAP_SYS_NICE)) goto out_unlock; - retval = security_ops->task_setscheduler(p, policy, &lp); - if (retval) + if ((retval = security_task_setscheduler(p, policy, &lp))) goto out_unlock; array = p->array; @@ -1534,8 +1532,7 @@ read_lock(&tasklist_lock); p = find_process_by_pid(pid); if (p) { - retval = security_ops->task_getscheduler(p); - if (!retval) + if (!(retval = security_task_getscheduler(p))) retval = p->policy; } read_unlock(&tasklist_lock); @@ -1564,8 +1561,7 @@ if (!p) goto out_unlock; - retval = security_ops->task_getscheduler(p); - if (retval) + if ((retval = security_task_getscheduler(p))) goto out_unlock; lp.sched_priority = p->rt_priority; @@ -1824,8 +1820,7 @@ if (!p) goto out_unlock; - retval = security_ops->task_getscheduler(p); - if (retval) + if ((retval = security_task_getscheduler(p))) goto out_unlock; jiffies_to_timespec(p->policy & SCHED_FIFO ? diff -Nru a/kernel/signal.c b/kernel/signal.c --- a/kernel/signal.c Tue Nov 26 14:02:28 2002 +++ b/kernel/signal.c Tue Nov 26 14:02:28 2002 @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -738,8 +739,7 @@ ret = -EPERM; if (bad_signal(sig, info, t)) goto out; - ret = security_ops->task_kill(t, info, sig); - if (ret) + if ((ret = security_task_kill(t, info, sig))) goto out; /* The null signal is a permissions and process existence probe. diff -Nru a/kernel/sys.c b/kernel/sys.c --- a/kernel/sys.c Tue Nov 26 14:02:28 2002 +++ b/kernel/sys.c Tue Nov 26 14:02:28 2002 @@ -483,8 +483,7 @@ int new_egid = old_egid; int retval; - retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); - if (retval) + if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE))) return retval; if (rgid != (gid_t) -1) { 
@@ -529,8 +528,7 @@ int old_egid = current->egid; int retval; - retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); - if (retval) + if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID))) return retval; if (capable(CAP_SETGID)) @@ -603,8 +601,7 @@ int old_ruid, old_euid, old_suid, new_ruid, new_euid; int retval; - retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); - if (retval) + if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE))) return retval; new_ruid = old_ruid = current->uid; @@ -642,7 +639,7 @@ current->suid = current->euid; current->fsuid = current->euid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); } @@ -664,8 +661,7 @@ int old_ruid, old_suid, new_ruid, new_suid; int retval; - retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); - if (retval) + if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID))) return retval; old_ruid = new_ruid = current->uid; @@ -687,7 +683,7 @@ current->fsuid = current->euid = uid; current->suid = new_suid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); } @@ -702,8 +698,7 @@ int old_suid = current->suid; int retval; - retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES); - if (retval) + if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES))) return retval; if (!capable(CAP_SETUID)) { @@ -733,7 +728,7 @@ if (suid != (uid_t) -1) current->suid = suid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); } asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid) 
@@ -754,8 +749,7 @@ { int retval; - retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES); - if (retval) + if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES))) return retval; if (!capable(CAP_SETGID)) { @@ -808,8 +802,7 @@ int old_fsuid; int retval; - retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))) return retval; old_fsuid = current->fsuid; @@ -825,8 +818,7 @@ current->fsuid = uid; } - retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))) return retval; return old_fsuid; @@ -840,8 +832,7 @@ int old_fsgid; int retval; - retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))) return retval; old_fsgid = current->fsgid; @@ -966,8 +957,7 @@ retval = -ESRCH; if (p) { - retval = security_ops->task_getpgid(p); - if (!retval) + if (!(retval = security_task_getpgid(p))) retval = p->pgrp; } read_unlock(&tasklist_lock); @@ -994,8 +984,7 @@ retval = -ESRCH; if(p) { - retval = security_ops->task_getsid(p); - if (!retval) + if (!(retval = security_task_getsid(p))) retval = p->session; } read_unlock(&tasklist_lock); @@ -1076,8 +1065,7 @@ return -EINVAL; if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t))) return -EFAULT; - retval = security_ops->task_setgroups(gidsetsize, groups); - if (retval) + if ((retval = security_task_setgroups(gidsetsize, groups))) return retval; memcpy(current->groups, groups, gidsetsize * sizeof(gid_t)); current->ngroups = gidsetsize; 
@@ -1240,8 +1228,7 @@ return -EPERM; } - retval = security_ops->task_setrlimit(resource, &new_rlim); - if (retval) + if ((retval = security_task_setrlimit(resource, &new_rlim))) return retval; *old_rlim = new_rlim; @@ -1315,8 +1302,7 @@ int error = 0; int sig; - error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5); - if (error) + if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5))) return error; switch (option) { diff -Nru a/mm/mmap.c b/mm/mmap.c --- a/mm/mmap.c Tue Nov 26 14:02:29 2002 +++ b/mm/mmap.c Tue Nov 26 14:02:29 2002 @@ -504,8 +504,7 @@ } } - error = security_ops->file_mmap(file, prot, flags); - if (error) + if ((error = security_file_mmap(file, prot, flags))) return error; /* Clear old maps */ diff -Nru a/mm/mprotect.c b/mm/mprotect.c --- a/mm/mprotect.c Tue Nov 26 14:02:28 2002 +++ b/mm/mprotect.c Tue Nov 26 14:02:28 2002 @@ -263,8 +263,7 @@ goto out; } - error = security_ops->file_mprotect(vma, prot); - if (error) + if ((error = security_file_mprotect(vma, prot))) goto out; if (vma->vm_end > end) { diff -Nru a/security/capability.c b/security/capability.c --- a/security/capability.c Tue Nov 26 14:02:28 2002 +++ b/security/capability.c Tue Nov 26 14:02:28 2002 @@ -19,10 +19,7 @@ #include #include -/* flag to keep track of how we were registered */ -static int secondary; - -static int cap_capable (struct task_struct *tsk, int cap) +int cap_capable (struct task_struct *tsk, int cap) { /* Derived from include/linux/sched.h:capable. */ if (cap_raised (tsk->cap_effective, cap)) 
@@ -31,23 +28,7 @@ return -EPERM; } -static int cap_sys_security (unsigned int id, unsigned int call, - unsigned long *args) -{ - return -ENOSYS; -} - -static int cap_quotactl (int cmds, int type, int id, struct super_block *sb) -{ - return 0; -} - -static int cap_quota_on (struct file *f) -{ - return 0; -} - -static int cap_ptrace (struct task_struct *parent, struct task_struct *child) +int cap_ptrace (struct task_struct *parent, struct task_struct *child) { /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ if (!cap_issubset (child->cap_permitted, current->cap_permitted) && @@ -57,8 +38,8 @@ return 0; } -static int cap_capget (struct task_struct *target, kernel_cap_t * effective, - kernel_cap_t * inheritable, kernel_cap_t * permitted) +int cap_capget (struct task_struct *target, kernel_cap_t *effective, + kernel_cap_t *inheritable, kernel_cap_t *permitted) { /* Derived from kernel/capability.c:sys_capget. */ *effective = cap_t (target->cap_effective); @@ -67,10 +48,8 @@ return 0; } -static int cap_capset_check (struct task_struct *target, - kernel_cap_t * effective, - kernel_cap_t * inheritable, - kernel_cap_t * permitted) +int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, + kernel_cap_t *inheritable, kernel_cap_t *permitted) { /* Derived from kernel/capability.c:sys_capset. */ /* verify restrictions on target's new Inheritable set */ 
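Review bot: `cap_ptrace()` loses its `static` in the hunk at -31 and becomes a shared entry point, but the visible first line of its check compares `child->cap_permitted` against `current->cap_permitted` and never reads the `parent` argument. Whenever the hook is invoked with `child` being the current task, that subset test is trivially true, the `&&` short-circuits, and the function reaches `return 0` without evaluating the rest of the condition. If the intent is to compare against the tracer's set, the line would read `if (!cap_issubset (child->cap_permitted, parent->cap_permitted) &&`. The remainder of the condition lies outside the hunk and needs the same look.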
@@ -95,27 +74,15 @@ return 0; } -static void cap_capset_set (struct task_struct *target, - kernel_cap_t * effective, - kernel_cap_t * inheritable, - kernel_cap_t * permitted) +void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, + kernel_cap_t *inheritable, kernel_cap_t *permitted) { target->cap_effective = *effective; target->cap_inheritable = *inheritable; target->cap_permitted = *permitted; } -static int cap_acct (struct file *file) -{ - return 0; -} - -static int cap_bprm_alloc_security (struct linux_binprm *bprm) -{ - return 0; -} - -static int cap_bprm_set_security (struct linux_binprm *bprm) +int cap_bprm_set_security (struct linux_binprm *bprm) { /* Copied from fs/exec.c:prepare_binprm. */ @@ -143,23 +110,13 @@ return 0; } -static int cap_bprm_check_security (struct linux_binprm *bprm) -{ - return 0; -} - -static void cap_bprm_free_security (struct linux_binprm *bprm) -{ - return; -} - /* Copied from fs/exec.c */ static inline int must_not_trace_exec (struct task_struct *p) { return (p->ptrace & PT_PTRACED) && !(p->ptrace & PT_PTRACE_CAP); } -static void cap_bprm_compute_creds (struct linux_binprm *bprm) +void cap_bprm_compute_creds (struct linux_binprm *bprm) { /* Derived from fs/exec.c:compute_creds. */ kernel_cap_t new_permitted, working; 
@@ -204,6 +161,154 @@ current->keep_capabilities = 0; } +/* moved from kernel/sys.c. */ +/* + * cap_emulate_setxuid() fixes the effective / permitted capabilities of + * a process after a call to setuid, setreuid, or setresuid. + * + * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of + * {r,e,s}uid != 0, the permitted and effective capabilities are + * cleared. + * + * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective + * capabilities of the process are cleared. + * + * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective + * capabilities are set to the permitted capabilities. + * + * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should + * never happen. + * + * -astor + * + * cevans - New behaviour, Oct '99 + * A process may, via prctl(), elect to keep its capabilities when it + * calls setuid() and switches away from uid==0. Both permitted and + * effective sets will be retained. + * Without this change, it was impossible for a daemon to drop only some + * of its privilege. The call to setuid(!=0) would drop all privileges! + * Keeping uid 0 is not an option because uid 0 owns too many vital + * files.. + * Thanks to Olaf Kirch and Peter Benie for spotting this. + */ +static inline void cap_emulate_setxuid (int old_ruid, int old_euid, + int old_suid) +{ + if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && + (current->uid != 0 && current->euid != 0 && current->suid != 0) && + !current->keep_capabilities) { + cap_clear (current->cap_permitted); + cap_clear (current->cap_effective); + } + if (old_euid == 0 && current->euid != 0) { + cap_clear (current->cap_effective); + } + if (old_euid != 0 && current->euid == 0) { + current->cap_effective = current->cap_permitted; + } +} + +int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, + int flags) +{ + switch (flags) { + case LSM_SETID_RE: + case LSM_SETID_ID: + case LSM_SETID_RES: + /* Copied from kernel/sys.c:setreuid/setuid/setresuid. 
*/ + if (!issecure (SECURE_NO_SETUID_FIXUP)) { + cap_emulate_setxuid (old_ruid, old_euid, old_suid); + } + break; + case LSM_SETID_FS: + { + uid_t old_fsuid = old_ruid; + + /* Copied from kernel/sys.c:setfsuid. */ + + /* + * FIXME - is fsuser used for all CAP_FS_MASK capabilities? + * if not, we might be a bit too harsh here. + */ + + if (!issecure (SECURE_NO_SETUID_FIXUP)) { + if (old_fsuid == 0 && current->fsuid != 0) { + cap_t (current->cap_effective) &= + ~CAP_FS_MASK; + } + if (old_fsuid != 0 && current->fsuid == 0) { + cap_t (current->cap_effective) |= + (cap_t (current->cap_permitted) & + CAP_FS_MASK); + } + } + break; + } + default: + return -EINVAL; + } + + return 0; +} + +void cap_task_kmod_set_label (void) +{ + cap_set_full (current->cap_effective); + return; +} + +void cap_task_reparent_to_init (struct task_struct *p) +{ + p->cap_effective = CAP_INIT_EFF_SET; + p->cap_inheritable = CAP_INIT_INH_SET; + p->cap_permitted = CAP_FULL_SET; + p->keep_capabilities = 0; + return; +} + +EXPORT_SYMBOL(cap_capable); +EXPORT_SYMBOL(cap_ptrace); +EXPORT_SYMBOL(cap_capget); +EXPORT_SYMBOL(cap_capset_check); +EXPORT_SYMBOL(cap_capset_set); +EXPORT_SYMBOL(cap_bprm_set_security); +EXPORT_SYMBOL(cap_bprm_compute_creds); +EXPORT_SYMBOL(cap_task_post_setuid); +EXPORT_SYMBOL(cap_task_kmod_set_label); +EXPORT_SYMBOL(cap_task_reparent_to_init); + +#ifdef CONFIG_SECURITY + +static int cap_quotactl (int cmds, int type, int id, struct super_block *sb) +{ + return 0; +} + +static int cap_quota_on (struct file *f) +{ + return 0; +} + +static int cap_acct (struct file *file) +{ + return 0; +} + +static int cap_bprm_alloc_security (struct linux_binprm *bprm) +{ + return 0; +} + +static int cap_bprm_check_security (struct linux_binprm *bprm) +{ + return 0; +} + +static void cap_bprm_free_security (struct linux_binprm *bprm) +{ + return; +} + static int cap_sb_alloc_security (struct super_block *sb) { return 0; 
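Review bot: `cap_task_kmod_set_label()` and `cap_task_reparent_to_init()` are added to the exported list without any comment, although the first raises the current task's effective set to full and the second assigns `CAP_FULL_SET` as the permitted set of the task it is given. A one-line header on each, stating what it changes and which caller it is meant for, would help anyone auditing users of these symbols. For the first, something like `/* Raise current's effective capability set to full; intended for the kmod exec path. */` would do; the intended caller is my reading of the kernel/kmod.c hunk and should be confirmed. Separately, `cap_emulate_setxuid()` takes `int` parameters while `cap_task_post_setuid()` passes it `uid_t` values, and declaring them `uid_t` would keep the types consistent.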
@@ -507,96 +612,6 @@ return 0; } -/* moved from kernel/sys.c. */ -/* - * cap_emulate_setxuid() fixes the effective / permitted capabilities of - * a process after a call to setuid, setreuid, or setresuid. - * - * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of - * {r,e,s}uid != 0, the permitted and effective capabilities are - * cleared. - * - * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective - * capabilities of the process are cleared. - * - * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective - * capabilities are set to the permitted capabilities. - * - * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should - * never happen. - * - * -astor - * - * cevans - New behaviour, Oct '99 - * A process may, via prctl(), elect to keep its capabilities when it - * calls setuid() and switches away from uid==0. Both permitted and - * effective sets will be retained. - * Without this change, it was impossible for a daemon to drop only some - * of its privilege. The call to setuid(!=0) would drop all privileges! - * Keeping uid 0 is not an option because uid 0 owns too many vital - * files.. - * Thanks to Olaf Kirch and Peter Benie for spotting this. - */ -static inline void cap_emulate_setxuid (int old_ruid, int old_euid, - int old_suid) -{ - if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && - (current->uid != 0 && current->euid != 0 && current->suid != 0) && - !current->keep_capabilities) { - cap_clear (current->cap_permitted); - cap_clear (current->cap_effective); - } - if (old_euid == 0 && current->euid != 0) { - cap_clear (current->cap_effective); - } - if (old_euid != 0 && current->euid == 0) { - current->cap_effective = current->cap_permitted; - } -} - -static int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, - int flags) -{ - switch (flags) { - case LSM_SETID_RE: - case LSM_SETID_ID: - case LSM_SETID_RES: - /* Copied from kernel/sys.c:setreuid/setuid/setresuid. 
*/ - if (!issecure (SECURE_NO_SETUID_FIXUP)) { - cap_emulate_setxuid (old_ruid, old_euid, old_suid); - } - break; - case LSM_SETID_FS: - { - uid_t old_fsuid = old_ruid; - - /* Copied from kernel/sys.c:setfsuid. */ - - /* - * FIXME - is fsuser used for all CAP_FS_MASK capabilities? - * if not, we might be a bit too harsh here. - */ - - if (!issecure (SECURE_NO_SETUID_FIXUP)) { - if (old_fsuid == 0 && current->fsuid != 0) { - cap_t (current->cap_effective) &= - ~CAP_FS_MASK; - } - if (old_fsuid != 0 && current->fsuid == 0) { - cap_t (current->cap_effective) |= - (cap_t (current->cap_permitted) & - CAP_FS_MASK); - } - } - break; - } - default: - return -EINVAL; - } - - return 0; -} - static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags) { return 0; @@ -659,21 +674,6 @@ return 0; } -static void cap_task_kmod_set_label (void) -{ - cap_set_full (current->cap_effective); - return; -} - -static void cap_task_reparent_to_init (struct task_struct *p) -{ - p->cap_effective = CAP_INIT_EFF_SET; - p->cap_inheritable = CAP_INIT_INH_SET; - p->cap_permitted = CAP_FULL_SET; - p->keep_capabilities = 0; - return; -} - static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; @@ -726,7 +726,6 @@ .capset_set = cap_capset_set, .acct = cap_acct, .capable = cap_capable, - .sys_security = cap_sys_security, .quotactl = cap_quotactl, .quota_on = cap_quota_on, @@ -832,6 +831,10 @@ #define MY_NAME "capability" #endif +/* flag to keep track of how we were registered */ +static int secondary; + + static int __init capability_init (void) { /* register ourselves with the security framework */ @@ -871,3 +874,5 @@ MODULE_DESCRIPTION("Standard Linux Capabilities Security Module"); MODULE_LICENSE("GPL"); + +#endif /* CONFIG_SECURITY */ diff -Nru a/security/dummy.c b/security/dummy.c --- a/security/dummy.c Tue Nov 26 14:02:28 2002 +++ b/security/dummy.c Tue Nov 26 14:02:28 2002 
@@ -72,12 +72,6 @@ return -EPERM; } -static int dummy_sys_security (unsigned int id, unsigned int call, - unsigned long *args) -{ - return -ENOSYS; -} - static int dummy_quotactl (int cmds, int type, int id, struct super_block *sb) { return 0; @@ -552,7 +546,6 @@ .capset_set = dummy_capset_set, .acct = dummy_acct, .capable = dummy_capable, - .sys_security = dummy_sys_security, .quotactl = dummy_quotactl, .quota_on = dummy_quota_on,