Eric Lee / smarc-fsl-linux-kernel

18 Jul, 2007

1 commit

  • 3bd858ab1   Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check ... Browse Code »

    Introduce is_owner_or_cap() macro in fs.h, and convert over relevant
    users to it. This is done because we want to avoid bugs in the future
    where we check for only effective fsuid of the current task against a
    file's owning uid, without simultaneously checking for CAP_FOWNER as
    well, thus violating its semantics.
    [ XFS uses special macros and structures, and in general looked ...
    untouchable, so we leave it alone -- but it has been looked over. ]

    The (current->fsuid != inode->i_uid) check in generic_permission() and
    exec_permission_lite() is left alone, because those operations are
    covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations
    falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.

    Signed-off-by: Satyam Sharma
    Cc: Al Viro
    Acked-by: Serge E. Hallyn
    Signed-off-by: Linus Torvalds

    Satyam Sharma
     

30 Sep, 2006

1 commit

  • f0c8bd164   [PATCH] Generic infrastructure for acls ... Browse Code »

    The patches solve the following problem: We want to grant access to devices
    based on who is logged in from where, etc. This includes switching back and
    forth between multiple user sessions, etc.

    Using ACLs to define device access for logged-in users gives us all the
    flexibility we need in order to fully solve the problem.

    Device special files nowadays usually live on tmpfs, hence tmpfs ACLs.

    Different distros have come up with solutions that solve the problem to
    different degrees: SUSE uses a resource manager which tracks login sessions
    and sets ACLs on device inodes as appropriate. RedHat uses pam_console, which
    changes the primary file ownership to the logged-in user. Others use a set of
    groups that users must be in in order to be granted the appropriate accesses.

    The freedesktop.org project plans to implement a combination of a
    console-tracker and a HAL-device-list based solution to grant access to
    devices to users, and more distros will likely follow this approach.

    These patches have first been posted here on 2 February 2005, and again
    on 8 January 2006. We have been shipping them in SLES9 and SLES10 with
    no problems reported. The previous submission is archived here:

    http://lkml.org/lkml/2006/1/8/229
    http://lkml.org/lkml/2006/1/8/230
    http://lkml.org/lkml/2006/1/8/231

    This patch:

    Add some infrastructure for access control lists on in-memory
    filesystems such as tmpfs.

    Signed-off-by: Andreas Gruenbacher
    Cc: Hugh Dickins
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andreas Gruenbacher