OpenVZ Forum


Home » Mailing lists » Devel » [PATCH RFC] capabilities: introduce per-process capability bounding set
Re: [PATCH RFC] capabilities: introduce per-process capability bounding set [message #20544 is a reply to message #20295] Thu, 20 September 2007 04:16 Go to previous messageGo to previous message
Andrew Morgan is currently offline  Andrew Morgan
Messages: 9
Registered: September 2007
Junior Member
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Serge E. Hallyn wrote:
> +		case PR_GET_CAPBSET:
> +			error = put_user(current->cap_bset, (unsigned long __user *)arg2);
> +			break;
> +		case PR_SET_CAPBSET:
> +			if (!capable(CAP_SYS_ADMIN))
> +				return -EPERM;
> +			if (!cap_issubset(arg2, current->cap_bset))
> +				return -EINVAL;
> +			current->cap_bset = arg2;
> +			break;

You need to pass the capability magic value in both get and set
directions... Otherwise, you'll not be able to tell what vintage of
cap_bset you are manipulating.

Cheers

Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFG8fQ0QheEq9QabfIRApzJAKCUSxj72X4F++kNGy29oO6FE/OGAgCeIrBw
dzyfE/XF2Fl71WQvIwu/E9s=
=hkFZ
-----END PGP SIGNATURE-----
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Previous Topic: [PATCH 2/2] Uninline find_pid etc set of functions
Next Topic: [PATCH 0/5] Fair group scheduler - various fixes
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Aug 01 22:36:29 GMT 2025

Total time taken to generate the page: 0.48645 seconds
Powered by FUDforum Powered by Virtuozzo Containers