[GIT Pull Request] Copy on write credentials for Linux [ver #3] - Kernel


  1. [GIT Pull Request] Copy on write credentials for Linux [ver #3]


    The following changes since commit a50c22eed593f474e75f693381e4d42e81762de8:
    Huang Weiyi (1):
    mm: remove duplicated #include's

    are available in the git repository at:

    git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/cred-2.6.git creds-v3

    David Howells (77):
    CRED: Wrap task credential accesses in the IA64 arch
    CRED: Wrap task credential accesses in the MIPS arch
    CRED: Wrap task credential accesses in the PA-RISC arch
    CRED: Wrap task credential accesses in the PowerPC arch
    CRED: Wrap task credential accesses in the S390 arch
    CRED: Wrap task credential accesses in the x86 arch
    CRED: Wrap task credential accesses in the block loopback driver
    CRED: Wrap task credential accesses in the tty driver
    CRED: Wrap task credential accesses in the ISDN drivers
    CRED: Wrap task credential accesses in the network device drivers
    CRED: Wrap task credential accesses in the USB driver
    CRED: Wrap task credential accesses in 9P2000 filesystem
    CRED: Wrap task credential accesses in the AFFS filesystem
    CRED: Wrap task credential accesses in the autofs filesystem
    CRED: Wrap task credential accesses in the autofs4 filesystem
    CRED: Wrap task credential accesses in the BFS filesystem
    CRED: Wrap task credential accesses in the CIFS filesystem
    CRED: Wrap task credential accesses in the Coda filesystem
    CRED: Wrap task credential accesses in the devpts filesystem
    CRED: Wrap task credential accesses in the eCryptFS filesystem
    CRED: Wrap task credential accesses in the Ext2 filesystem
    CRED: Wrap task credential accesses in the Ext3 filesystem
    CRED: Wrap task credential accesses in the Ext4 filesystem
    CRED: Wrap task credential accesses in the FAT filesystem
    CRED: Wrap task credential accesses in the FUSE filesystem
    CRED: Wrap task credential accesses in the GFS2 filesystem
    CRED: Wrap task credential accesses in the HFS filesystem
    CRED: Wrap task credential accesses in the HFSplus filesystem
    CRED: Wrap task credential accesses in the HPFS filesystem
    CRED: Wrap task credential accesses in the hugetlbfs filesystem
    CRED: Wrap task credential accesses in the JFS filesystem
    CRED: Wrap task credential accesses in the Minix filesystem
    CRED: Wrap task credential accesses in the NCPFS filesystem
    CRED: Wrap task credential accesses in the NFS daemon
    CRED: Wrap task credential accesses in the OCFS2 filesystem
    CRED: Wrap task credential accesses in the OMFS filesystem
    CRED: Wrap task credential accesses in the RAMFS filesystem
    CRED: Wrap task credential accesses in the ReiserFS filesystem
    CRED: Wrap task credential accesses in the SMBFS filesystem
    CRED: Wrap task credential accesses in the SYSV filesystem
    CRED: Wrap task credential accesses in the UBIFS filesystem
    CRED: Wrap task credential accesses in the UDF filesystem
    CRED: Wrap task credential accesses in the UFS filesystem
    CRED: Wrap task credential accesses in the XFS filesystem
    CRED: Wrap task credential accesses in the filesystem subsystem
    CRED: Wrap task credential accesses in the SYSV IPC subsystem
    CRED: Wrap task credential accesses in the AX25 protocol
    CRED: Wrap task credential accesses in the IPv6 protocol
    CRED: Wrap task credential accesses in the netrom protocol
    CRED: Wrap task credential accesses in the ROSE protocol
    CRED: Wrap task credential accesses in the SunRPC protocol
    CRED: Wrap task credential accesses in the UNIX socket protocol
    CRED: Wrap task credential accesses in the networking subsystem
    CRED: Wrap task credential accesses in the key management code
    CRED: Wrap task credential accesses in the capabilities code
    CRED: Wrap task credential accesses in the core kernel
    KEYS: Disperse linux/key_ui.h
    KEYS: Alter use of key instantiation link-to-keyring argument
    CRED: Neuter sys_capset()
    CRED: Constify the kernel_cap_t arguments to the capset LSM hooks
    CRED: Separate task security context from task_struct
    CRED: Detach the credentials from task_struct
    CRED: Wrap current->cred and a few other accessors
    CRED: Use RCU to access another task's creds and to release a task's own creds
    CRED: Wrap access to SELinux's task SID
    CRED: Separate per-task-group keyrings from signal_struct
    CRED: Rename is_single_threaded() to is_wq_single_threaded()
    CRED: Make inode_has_perm() and file_has_perm() take a cred pointer
    CRED: Pass credentials through dentry_open()
    CRED: Inaugurate COW credentials
    CRED: Make execve() take advantage of copy-on-write credentials
    CRED: Prettify commoncap.c
    CRED: Use creds in file structs
    CRED: Documentation
    CRED: Differentiate objective and effective subjective credentials on a task
    CRED: Add a kernel_service object class to SELinux
    CRED: Allow kernel services to override LSM settings for task actions

    Documentation/credentials.txt | 582 +++++++++++++
    arch/alpha/kernel/asm-offsets.c | 11 +-
    arch/alpha/kernel/entry.S | 10 +-
    arch/ia64/ia32/sys_ia32.c | 7 +-
    arch/ia64/kernel/mca_drv.c | 2 +-
    arch/ia64/kernel/perfmon.c | 43 +-
    arch/ia64/kernel/signal.c | 4 +-
    arch/mips/kernel/kspd.c | 4 +-
    arch/mips/kernel/mips-mt-fpaff.c | 5 +-
    arch/mips/kernel/vpe.c | 4 +-
    arch/parisc/kernel/signal.c | 2 +-
    arch/powerpc/mm/fault.c | 2 +-
    arch/powerpc/platforms/cell/spufs/inode.c | 8 +-
    arch/s390/hypfs/inode.c | 4 +-
    arch/s390/kernel/compat_linux.c | 28 +-
    arch/um/drivers/mconsole_kern.c | 3 +-
    arch/x86/ia32/ia32_aout.c | 2 +-
    arch/x86/mm/fault.c | 2 +-
    drivers/block/loop.c | 6 +-
    drivers/char/tty_audit.c | 6 +-
    drivers/connector/cn_proc.c | 16 +-
    drivers/isdn/capi/capifs.c | 4 +-
    drivers/isdn/hysdn/hysdn_procconf.c | 6 +-
    drivers/net/tun.c | 8 +-
    drivers/usb/core/devio.c | 10 +-
    drivers/usb/core/inode.c | 4 +-
    fs/9p/fid.c | 2 +-
    fs/9p/vfs_inode.c | 4 +-
    fs/9p/vfs_super.c | 4 +-
    fs/affs/inode.c | 4 +-
    fs/affs/super.c | 4 +-
    fs/anon_inodes.c | 4 +-
    fs/attr.c | 4 +-
    fs/autofs/inode.c | 4 +-
    fs/autofs4/dev-ioctl.c | 3 +-
    fs/autofs4/inode.c | 4 +-
    fs/autofs4/waitq.c | 4 +-
    fs/bfs/dir.c | 4 +-
    fs/binfmt_aout.c | 2 +-
    fs/binfmt_elf.c | 20 +-
    fs/binfmt_elf_fdpic.c | 19 +-
    fs/binfmt_flat.c | 2 +-
    fs/binfmt_som.c | 2 +-
    fs/cifs/cifs_fs_sb.h | 2 +-
    fs/cifs/cifsproto.h | 2 +-
    fs/cifs/connect.c | 4 +-
    fs/cifs/dir.c | 12 +-
    fs/cifs/inode.c | 8 +-
    fs/cifs/ioctl.c | 2 +-
    fs/cifs/misc.c | 4 +-
    fs/coda/cache.c | 6 +-
    fs/coda/file.c | 2 +-
    fs/coda/upcall.c | 2 +-
    fs/compat.c | 42 +-
    fs/devpts/inode.c | 4 +-
    fs/dquot.c | 4 +-
    fs/ecryptfs/ecryptfs_kernel.h | 3 +-
    fs/ecryptfs/kthread.c | 9 +-
    fs/ecryptfs/main.c | 3 +-
    fs/ecryptfs/messaging.c | 18 +-
    fs/ecryptfs/miscdev.c | 20 +-
    fs/exec.c | 183 +++--
    fs/exportfs/expfs.c | 4 +-
    fs/ext2/balloc.c | 2 +-
    fs/ext2/ialloc.c | 4 +-
    fs/ext3/balloc.c | 2 +-
    fs/ext3/ialloc.c | 4 +-
    fs/ext4/balloc.c | 5 +-
    fs/ext4/ialloc.c | 4 +-
    fs/fat/file.c | 2 +-
    fs/fat/inode.c | 4 +-
    fs/fcntl.c | 18 +-
    fs/file_table.c | 10 +-
    fs/fuse/dev.c | 4 +-
    fs/fuse/dir.c | 25 +-
    fs/gfs2/inode.c | 10 +-
    fs/hfs/inode.c | 4 +-
    fs/hfs/super.c | 4 +-
    fs/hfsplus/inode.c | 4 +-
    fs/hfsplus/options.c | 4 +-
    fs/hpfs/namei.c | 24 +-
    fs/hpfs/super.c | 4 +-
    fs/hppfs/hppfs.c | 6 +-
    fs/hugetlbfs/inode.c | 21 +-
    fs/inotify_user.c | 2 +-
    fs/internal.h | 6 +
    fs/ioprio.c | 18 +-
    fs/jfs/jfs_inode.c | 4 +-
    fs/locks.c | 2 +-
    fs/minix/bitmap.c | 4 +-
    fs/namei.c | 10 +-
    fs/namespace.c | 2 +-
    fs/ncpfs/ioctl.c | 91 +--
    fs/nfsctl.c | 3 +-
    fs/nfsd/auth.c | 95 ++-
    fs/nfsd/nfs4recover.c | 71 +-
    fs/nfsd/nfsfh.c | 11 +-
    fs/nfsd/vfs.c | 9 +-
    fs/ocfs2/dlm/dlmfs.c | 8 +-
    fs/ocfs2/namei.c | 4 +-
    fs/omfs/inode.c | 8 +-
    fs/open.c | 59 +-
    fs/pipe.c | 4 +-
    fs/posix_acl.c | 4 +-
    fs/proc/array.c | 32 +-
    fs/proc/base.c | 32 +-
    fs/quota.c | 4 +-
    fs/ramfs/inode.c | 4 +-
    fs/reiserfs/namei.c | 4 +-
    fs/smbfs/dir.c | 3 +-
    fs/smbfs/inode.c | 2 +-
    fs/smbfs/proc.c | 2 +-
    fs/sysv/ialloc.c | 4 +-
    fs/ubifs/budget.c | 2 +-
    fs/ubifs/dir.c | 4 +-
    fs/udf/ialloc.c | 4 +-
    fs/udf/namei.c | 2 +-
    fs/ufs/ialloc.c | 4 +-
    fs/xfs/linux-2.6/xfs_cred.h | 6 +-
    fs/xfs/linux-2.6/xfs_globals.h | 2 +-
    fs/xfs/linux-2.6/xfs_ioctl.c | 5 +-
    fs/xfs/xfs_acl.c | 6 +-
    fs/xfs/xfs_inode.h | 2 +-
    fs/xfs/xfs_vnodeops.h | 10 +-
    include/keys/keyring-type.h | 31 +
    include/linux/binfmts.h | 16 +-
    include/linux/capability.h | 2 -
    include/linux/cred.h | 340 +++++++-
    include/linux/fs.h | 8 +-
    include/linux/init_task.h | 13 +-
    include/linux/key-ui.h | 66 --
    include/linux/key.h | 32 +-
    include/linux/keyctl.h | 4 +-
    include/linux/sched.h | 64 +--
    include/linux/securebits.h | 2 +-
    include/linux/security.h | 326 ++++----
    include/net/scm.h | 4 +-
    init/main.c | 1 +
    ipc/mqueue.c | 19 +-
    ipc/shm.c | 9 +-
    ipc/util.c | 18 +-
    kernel/Makefile | 2 +-
    kernel/acct.c | 7 +-
    kernel/auditsc.c | 57 +-
    kernel/capability.c | 268 +------
    kernel/cgroup.c | 17 +-
    kernel/cred-internals.h | 21 +
    kernel/cred.c | 577 +++++++++++++
    kernel/exit.c | 23 +-
    kernel/fork.c | 44 +-
    kernel/futex.c | 20 +-
    kernel/futex_compat.c | 7 +-
    kernel/kmod.c | 30 +-
    kernel/ptrace.c | 29 +-
    kernel/sched.c | 26 +-
    kernel/signal.c | 60 +-
    kernel/sys.c | 579 ++++++++------
    kernel/sysctl.c | 2 +-
    kernel/timer.c | 8 +-
    kernel/trace/trace.c | 2 +-
    kernel/tsacct.c | 6 +-
    kernel/uid16.c | 31 +-
    kernel/user.c | 37 +-
    kernel/user_namespace.c | 14 +-
    kernel/workqueue.c | 8 +-
    lib/Makefile | 2 +-
    lib/is_single_threaded.c | 45 +
    mm/mempolicy.c | 9 +-
    mm/migrate.c | 9 +-
    mm/oom_kill.c | 6 +-
    mm/shmem.c | 8 +-
    net/9p/client.c | 2 +-
    net/ax25/af_ax25.c | 2 +-
    net/ax25/ax25_route.c | 2 +-
    net/core/dev.c | 8 +-
    net/core/scm.c | 10 +-
    net/ipv4/netfilter/ipt_LOG.c | 4 +-
    net/ipv6/ip6_flowlabel.c | 2 +-
    net/ipv6/netfilter/ip6t_LOG.c | 4 +-
    net/netfilter/nfnetlink_log.c | 5 +-
    net/netfilter/xt_owner.c | 16 +-
    net/netrom/af_netrom.c | 4 +-
    net/rose/af_rose.c | 4 +-
    net/rxrpc/ar-key.c | 6 +-
    net/sched/cls_flow.c | 4 +-
    net/socket.c | 4 +-
    net/sunrpc/auth.c | 14 +-
    net/unix/af_unix.c | 11 +-
    security/capability.c | 56 +-
    security/commoncap.c | 699 ++++++++++------
    security/keys/internal.h | 47 +-
    security/keys/key.c | 25 +-
    security/keys/keyctl.c | 210 +++--
    security/keys/keyring.c | 15 +-
    security/keys/permission.c | 29 +-
    security/keys/proc.c | 8 +-
    security/keys/process_keys.c | 469 +++++------
    security/keys/request_key.c | 133 ++--
    security/keys/request_key_auth.c | 46 +-
    security/root_plug.c | 13 +-
    security/security.c | 96 +--
    security/selinux/exports.c | 8 +-
    security/selinux/hooks.c | 1151 ++++++++++++++------------
    security/selinux/include/av_perm_to_string.h | 2 +
    security/selinux/include/av_permissions.h | 2 +
    security/selinux/include/class_to_string.h | 5 +
    security/selinux/include/flask.h | 1 +
    security/selinux/include/objsec.h | 11 -
    security/selinux/selinuxfs.c | 13 +-
    security/selinux/xfrm.c | 6 +-
    security/smack/smack_access.c | 4 +-
    security/smack/smack_lsm.c | 173 +++--
    security/smack/smackfs.c | 6 +-
    213 files changed, 5062 insertions(+), 3098 deletions(-)
    create mode 100644 Documentation/credentials.txt
    create mode 100644 include/keys/keyring-type.h
    delete mode 100644 include/linux/key-ui.h
    create mode 100644 kernel/cred-internals.h
    create mode 100644 kernel/cred.c
    create mode 100644 lib/is_single_threaded.c
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: [GIT Pull Request] Copy on write credentials for Linux [ver #3]


    I should probably explain what these patches are about. They detach the
    credentials and other security information from the task_struct and store it
    in a (mostly) copy-on-write struct that may then be shared between processes,
    leaving only a couple of pointers in task_struct. This means:

    (1) The kernel can cleanly override the current subjective security context
    of a task without affecting its objective security context. This allows
    the kernel to perform privileged accesses on behalf of a task without
    affecting that task's ability to receive signals, be the target of
    ptrace() and be accessed through /proc.

    (2) The kernel can install multiple replacement credentials simultaneously
    without an intermediate state being seen.

    (3) The kernel can simply discard proposed replacement credentials if an
    error occurs during the process. No reversion is required.

    (4) As a consequence of (2), execve() can keep its credential changes to
    itself until it's ready to commit all of them. execve() no longer
    applies credential changes piecemeal.

    (5) If execve() returns an error, the task's current security state will not
    have been altered (currently some state may be lost by an unsuccessful
    execve()).

    I'm intending to use this code to implement FS-Cache/CacheFiles, but it could
    also perhaps be used for NFSD.

    Note that some of the wrapping patches have already been incorporated upstream
    and have been dropped from this set.


    There are three parts to this project:

    (1) Implement COW credentials.

    (2) Pass the cred pointer through the vfs_xxx() functions and suchlike to all
    the places that need them.

    (3) Document it.

    The associated patches implement (1) and part of (3). Some things to note:

    (a) All of {,e,s,fs}{u,g}id and supplementary groups, capabilities, secure
    bits, keyrings, and the task security pointer have migrated into struct
    cred.

    (b) Changing a task's credentials involves creating a new struct cred (call
    prepare_creds()) and then using RCU to change things over (call
    commit_creds()).

    (c) task_struct::cred is a const struct cred *, as are all pointers that
    aren't used specifically for creating new credentials. This catches
    places that are changing creds when they shouldn't be at compile time.

    To get a new ref on a const cred, use get_cred() which casts away the
    const and calls atomic_inc().

    (d) It is no longer possible for a task to instantiate another task's
    keyrings. The keyrings code tries to make sure that the required keyrings
    are present in request_key(), and redirects any attempt to nominate a
    process-specific keyring when instantiating a key to whatever keyring was
    suggested by sys_request_key() (or it uses the default).

    (e) sys_capset() is neutered: it can only affect the caller.

    (f) execve() is cleaner. The changes are all worked out in a new set of
    credentials, then the whole lot is installed in install_exec_creds() (a
    replacement for compute_creds()) in three stages:

    (i) The LSM is called - security_bprm_committing_creds() - so that the LSM
    can do stuff that must be done before the new creds take effect.
    SELinux uses this to call flush_authorized_files() and to flush
    rlimits.

    (ii) commit_creds() is called to make the actual change.

    (iii) The LSM is called again - security_bprm_committed_creds() - so that
    the LSM can do stuff that must be done under the new creds. SELinux
    uses this to flush signal handlers.

    (g) Most of the bprm LSM hooks have been replaced with simplified code
    arranged differently.

    (h) In struct file, f_uid and f_gid have been replaced by f_cred, which is a
    pointer to the opener's credentials at the time of opening.

    (i) Credentials are shared where possible. More work should go into this as
    it plays it safe when sharing keyrings over non-CLONE_THREAD clones.

    (j) The reparent_to_init LSM hook for kernel threads is gone. Kernel threads
    are now made to share init_cred instead at the start of their life (they may
    change this later).

    Most of the work is in the patch ensubjected "CRED: Inaugurate COW
    credentials". The description attached to this describes each of the logical
    changes in more detail. The preceding patches are preparation.


    These patches compile for make allmodconfig, and I've built and run a kernel on
    my x86_64 test box with these patches applied.

    The patches are:

    (*) CRED: Wrap task credential accesses in the IA64 arch
    (*) CRED: Wrap task credential accesses in the MIPS arch
    (*) CRED: Wrap task credential accesses in the PA-RISC arch
    (*) CRED: Wrap task credential accesses in the PowerPC arch
    (*) CRED: Wrap task credential accesses in the S390 arch
    (*) CRED: Wrap task credential accesses in the x86 arch
    (*) CRED: Wrap task credential accesses in the block loopback driver
    (*) CRED: Wrap task credential accesses in the tty driver
    (*) CRED: Wrap task credential accesses in the ISDN drivers
    (*) CRED: Wrap task credential accesses in the network device drivers
    (*) CRED: Wrap task credential accesses in the USB driver
    (*) CRED: Wrap task credential accesses in 9P2000 filesystem
    (*) CRED: Wrap task credential accesses in the AFFS filesystem
    (*) CRED: Wrap task credential accesses in the autofs filesystem
    (*) CRED: Wrap task credential accesses in the autofs4 filesystem
    (*) CRED: Wrap task credential accesses in the BFS filesystem
    (*) CRED: Wrap task credential accesses in the CIFS filesystem
    (*) CRED: Wrap task credential accesses in the Coda filesystem
    (*) CRED: Wrap task credential accesses in the devpts filesystem
    (*) CRED: Wrap task credential accesses in the eCryptFS filesystem
    (*) CRED: Wrap task credential accesses in the Ext2 filesystem
    (*) CRED: Wrap task credential accesses in the Ext3 filesystem
    (*) CRED: Wrap task credential accesses in the Ext4 filesystem
    (*) CRED: Wrap task credential accesses in the FAT filesystem
    (*) CRED: Wrap task credential accesses in the FUSE filesystem
    (*) CRED: Wrap task credential accesses in the GFS2 filesystem
    (*) CRED: Wrap task credential accesses in the HFS filesystem
    (*) CRED: Wrap task credential accesses in the HFSplus filesystem
    (*) CRED: Wrap task credential accesses in the HPFS filesystem
    (*) CRED: Wrap task credential accesses in the hugetlbfs filesystem
    (*) CRED: Wrap task credential accesses in the JFS filesystem
    (*) CRED: Wrap task credential accesses in the Minix filesystem
    (*) CRED: Wrap task credential accesses in the NCPFS filesystem
    (*) CRED: Wrap task credential accesses in the NFS daemon
    (*) CRED: Wrap task credential accesses in the OCFS2 filesystem
    (*) CRED: Wrap task credential accesses in the OMFS filesystem
    (*) CRED: Wrap task credential accesses in the RAMFS filesystem
    (*) CRED: Wrap task credential accesses in the ReiserFS filesystem
    (*) CRED: Wrap task credential accesses in the SMBFS filesystem
    (*) CRED: Wrap task credential accesses in the SYSV filesystem
    (*) CRED: Wrap task credential accesses in the UBIFS filesystem
    (*) CRED: Wrap task credential accesses in the UDF filesystem
    (*) CRED: Wrap task credential accesses in the UFS filesystem
    (*) CRED: Wrap task credential accesses in the XFS filesystem
    (*) CRED: Wrap task credential accesses in the filesystem subsystem
    (*) CRED: Wrap task credential accesses in the SYSV IPC subsystem
    (*) CRED: Wrap task credential accesses in the AX25 protocol
    (*) CRED: Wrap task credential accesses in the IPv6 protocol
    (*) CRED: Wrap task credential accesses in the netrom protocol
    (*) CRED: Wrap task credential accesses in the ROSE protocol
    (*) CRED: Wrap task credential accesses in the SunRPC protocol
    (*) CRED: Wrap task credential accesses in the UNIX socket protocol
    (*) CRED: Wrap task credential accesses in the networking subsystem
    (*) CRED: Wrap task credential accesses in the key management code
    (*) CRED: Wrap task credential accesses in the capabilities code
    (*) CRED: Wrap task credential accesses in the core kernel

    Wrap accesses to most current->*[ug]id and some task->*[ug]id to use
    accessor macros to cut down the later patches and to hide RCU locking
    where it may be necessary later.

    Some of these patches are/may be upstream already.

    (*) KEYS: Disperse linux/key_ui.h

    Disperse the bits of and delete the file. The keyfs
    filesystem didn't happen, so this isn't necessary.

    (*) KEYS: Alter use of key instantiation link-to-keyring argument

    Alter the key instantiation code so as to remove the ability to directly
    access another process's credentials. The contents of the keyrings
    themselves may still change, however. I could implement a COW shadow of
    the subscribed keyrings, but I really don't think it's worth it.

    (*) CRED: Neuter sys_capset()

    Remove the ability of sys_capset() to affect other processes.

    (*) CRED: Constify the kernel_cap_t arguments to the capset LSM hooks

    As specified in the subject.

    (*) CRED: Separate task security context from task_struct

    Separate the credentials into cred struct, though that's still embedded in
    task_struct at this point.

    (*) CRED: Detach the credentials from task_struct

    Detach the struct cred from task_struct, though its lifetime still follows
    that of task_struct.

    (*) CRED: Wrap current->cred and a few other accessors
    (*) CRED: Use RCU to access another task's creds and to release a task's own creds
    (*) CRED: Wrap access to SELinux's task SID

    Wrap accesses to current's creds. Wrap accesses to other tasks' creds to
    hide the RCU where possible. Add in RCU directly where it has to be.

    (*) CRED: Separate per-task-group keyrings from signal_struct

    Separate the process and session keyrings from signal_struct, and make
    them dangle shareably from struct cred instead.

    (*) CRED: Rename is_single_threaded() to is_wq_single_threaded()

    Rename is_single_threaded() to is_wq_single_threaded().

    (*) CRED: Make inode_has_perm() and file_has_perm() take a cred pointer

    As specified in the subject.

    (*) CRED: Pass credentials through dentry_open()

    Pass a cred pointer through dentry_open().

    (*) CRED: Inaugurate COW credentials

    Do the actual work of COW credentials.

    (*) CRED: Make execve() take advantage of copy-on-write credentials

    Make execve() take advantage of COW credentials.

    (*) CRED: Prettify commoncap.c

    Add comments in to commoncap.c and do some other stylistic cleanups.

    (*) CRED: Use creds in file structs

    Share the process's credentials with any files it opens.

    (*) CRED: Documentation

    Begin documenting the Linux credentials and the new API.

    (*) CRED: Differentiate objective and effective subjective credentials on a task

    Differentiate a task's objective and subjective credentials, thus allowing
    kernel services to override the latter.

    (*) CRED: Add a kernel_service object class to SELinux

    Add an SELinux class for kernel services and enumerate a couple of
    operations therein.

    (*) CRED: Allow kernel services to override LSM settings for task actions

    Provide helper functions for kernel services that want to override
    security details.

    David
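The prepare/commit pattern described in the post above, as an added userspace model that is not part of the original message and is not kernel code. It shows why a failed update leaves the task's credentials untouched, and why a file keeps the opener's credentials after the task changes its own. The function names `prepare_creds()`, `commit_creds()` and `get_cred()` follow the post, but their bodies here are simplified stand-ins; `put_cred()`, `drop_privs()`, `open_file()`, `new_root_task()`, the `fail_midway` flag and the sample values are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

struct cred {
    int usage;                     /* refcount; atomic in the kernel */
    unsigned int uid, euid, fsuid;
    unsigned long cap_effective;   /* capability mask, simplified */
};
struct task { const struct cred *cred; };    /* const: no in-place edits */
struct file { const struct cred *f_cred; };  /* opener's creds, note (h) */

/* Note (c): take a ref on a const cred by casting away the const. */
static const struct cred *get_cred(const struct cred *c) {
    ((struct cred *)c)->usage++;
    return c;
}
static void put_cred(const struct cred *c) {
    struct cred *m = (struct cred *)c;
    if (--m->usage == 0)
        free(m);
}

/* Note (b): private writable copy of the task's current creds. */
static struct cred *prepare_creds(const struct task *t) {
    struct cred *new = malloc(sizeof(*new));
    if (!new)
        return NULL;
    memcpy(new, t->cred, sizeof(*new));
    new->usage = 1;
    return new;
}

/* Publish with one pointer store (RCU in the kernel); drop the old ref. */
static void commit_creds(struct task *t, struct cred *new) {
    const struct cred *old = t->cred;
    t->cred = new;
    put_cred(old);
}

/* Hypothetical caller: several fields change as one unit, or not at all. */
static int drop_privs(struct task *t, unsigned int id, int fail_midway) {
    struct cred *new = prepare_creds(t);
    if (!new)
        return -1;
    new->uid = new->euid = id;
    if (fail_midway) {             /* simulated error partway through */
        put_cred(new);             /* discard; the task never saw the copy */
        return -1;
    }
    new->fsuid = id;
    new->cap_effective = 0;
    commit_creds(t, new);
    return 0;
}

static struct file open_file(const struct task *t) {   /* hypothetical */
    return (struct file){ get_cred(t->cred) };
}
static struct task new_root_task(void) {   /* constructed start: uid 0 */
    struct cred *c = calloc(1, sizeof(*c));
    if (!c)
        abort();
    c->usage = 1;
    c->cap_effective = ~0UL;
    return (struct task){ c };
}

int main(void) {
    struct task t = new_root_task();
    struct file f = open_file(&t);
    drop_privs(&t, 1000, 1);       /* fails: t.cred is untouched */
    drop_privs(&t, 1000, 0);       /* succeeds: t.cred is a new object */
    return !(t.cred->euid == 1000 && f.f_cred->euid == 0);
}
```

The model is single-threaded and uses a plain integer refcount; it leaves out the RCU read side, keyrings and the LSM security pointer.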
