author | Serge Hallyn <serge@hallyn.com> | 2017-04-24 13:51:48 -0500 |
---|---|---|
committer | Serge Hallyn <serge@hallyn.com> | 2017-04-24 13:51:48 -0500 |
commit | 534a278522bcbf361e5d078f5e7ede624f9d13b3 (patch) | |
tree | a0dbdfb01145781c0923263b4f0bf76b05c32d93 | |
parent | 89f28dc4a05bd40362e16c8ffc155e5d510c9367 (diff) | |
(fold up) move cap_convert_nscap to setxattr (2017-04-24/nsfscaps)
rename cap_convert_nscap (rename in updated commit msg)
Signed-off-by: Serge Hallyn <serge@hallyn.com>
-rw-r--r-- | fs/xattr.c | 10 | ||||
-rw-r--r-- | include/linux/capability.h | 3 | ||||
-rw-r--r-- | security/commoncap.c | 20 |
3 files changed, 13 insertions, 20 deletions
diff --git a/fs/xattr.c b/fs/xattr.c
index e3593c998c21ab..601f627c8e448f 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -445,17 +445,9 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
 posix_acl_fix_xattr_from_user(kvalue, size);
 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
- char *wvalue = NULL;
- size_t wsize;
- error = cap_setxattr_convert_nscap(d, kvalue, size,
- &wvalue, &wsize);
+ error = cap_convert_nscap(d, &kvalue, &size);
 if (error < 0)
 goto out;
- if (wvalue) {
- kvfree(kvalue);
- kvalue = wvalue;
- size = wsize;
- }
 }
 }
diff --git a/include/linux/capability.h b/include/linux/capability.h
index c47febf8448b50..e5fafc9b3ea2b2 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -247,7 +247,6 @@ extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
 /* audit system wants to get cap info from files as well */
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
-extern int cap_setxattr_convert_nscap(struct dentry *dentry, const void *value,
- size_t size, void **wvalue, size_t *wsize);
+extern int cap_convert_nscap(struct dentry *dentry, void **value, size_t *size);
 #endif /* !_LINUX_CAPABILITY_H */
diff --git a/security/commoncap.c b/security/commoncap.c
index 37fab19d9b3b59..91a632183c497a 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -456,14 +456,12 @@ static kuid_t rootid_from_xattr(const void *value, size_t size,
 }
 /*
- * User requested a write of security.capability.
+ * User requested a write of security.capability. If needed, update the
+ * xattr to change from v2 to v3, or to fixup the v3 rootid.
 *
- * If all is ok, we return 0. If the capability needs to be converted,
- * wvalue will be allocated (and needs to be freed) with the new value.
- * On error, return < 0.
+ * If all is ok, we return 0, on error return < 0.
 */
-int cap_setxattr_convert_nscap(struct dentry *dentry, const void *value, size_t size,
- void **wvalue, size_t *wsize)
+int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t *isize)
 {
 struct vfs_ns_cap_data *nscap;
 uid_t nsrootid;
@@ -473,6 +471,8 @@ int cap_setxattr_convert_nscap(struct dentry *dentry, const void *value, size_t
 struct user_namespace *task_ns = current_user_ns(),
 *fs_ns = inode->i_sb->s_user_ns;
 kuid_t rootid;
+ size_t size = *isize, newsize;
+ void *value = *ivalue;
 if (!value)
 return -EINVAL;
@@ -499,8 +499,8 @@ int cap_setxattr_convert_nscap(struct dentry *dentry, const void *value, size_t
 if (nsrootid == -1)
 return -EINVAL;
- *wsize = sizeof(struct vfs_ns_cap_data);
- nscap = kmalloc(*wsize, GFP_ATOMIC);
+ newsize = sizeof(struct vfs_ns_cap_data);
+ nscap = kmalloc(newsize, GFP_ATOMIC);
 if (!nscap)
 return -ENOMEM;
 nscap->rootid = cpu_to_le32(nsrootid);
@@ -511,7 +511,9 @@ int cap_setxattr_convert_nscap(struct dentry *dentry, const void *value, size_t
 nscap->magic_etc = cpu_to_le32(nsmagic);
 memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
- *wvalue = nscap;
+ kvfree(*ivalue);
+ *ivalue = nscap;
+ *isize = newsize;
 return 0;
 }
|
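Review bot: The rewritten header comment on cap_convert_nscap() in the first security/commoncap.c hunk drops the ownership contract, although the new in/out signature makes that contract matter more than before. On a successful conversion the last hunk calls `kvfree(*ivalue)` and stores a kmalloc()ed buffer and its length into `*ivalue` / `*isize`, so any other pointer a caller keeps to the old buffer would dangle, and the buffer passed in has to be one that kvfree() can release. I would extend the comment with `* On success *ivalue may have been kvfree()d and replaced by a kmalloc()ed buffer of *isize bytes that the caller must free; on error both are left untouched.` The error-path half of that sentence matches the early returns visible in these hunks, but the function body continues outside them, so it should be confirmed against the full function. The call site in fs/xattr.c (`error = cap_convert_nscap(d, &kvalue, &size);` followed by `goto out`) depends on exactly this behaviour.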
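Review bot: The allocation in the `@@ -499,8 +499,8 @@` hunk stays at `GFP_ATOMIC`, yet the only caller this commit shows is setxattr() in fs/xattr.c, which releases the buffer with kvfree() and therefore appears to run in sleepable process context. If no atomic-context caller remains after this move, `nscap = kmalloc(newsize, GFP_KERNEL);` would stop drawing on the atomic reserves and make a spurious -ENOMEM on a security.capability write less likely. The rest of the function and any locking around the call lie outside the hunk, so this needs checking against the full call path before changing the flag.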