Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
phyus
/
linux-vybrid_public
8
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ver Fonte

kernel/sysctl.c: add cap_last_cap to /proc/sys/kernel

Userspace needs to know the highest valid capability of the running
kernel, which right now cannot reliably be retrieved from the header files
only.  The fact that this value cannot be determined properly right now
creates various problems for libraries compiled on newer header files
which are run on older kernels.  They assume capabilities are available
which actually aren't.  libcap-ng is one example.  And we ran into the
same problem with systemd too.

Now the capability is exported in /proc/sys/kernel/cap_last_cap.

[akpm@linux-foundation.org: make cap_last_cap const, per Ulrich]
Signed-off-by: Dan Ballard <dan@mindstab.net>
Cc: Randy Dunlap <rdunlap@xenotime.net>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Ulrich Drepper <drepper@akkadia.org>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Ballard há 13 anos atrás
pai
4ff819515b
commit
73efc0394e
2 ficheiros alterados com 17 adições e 0 exclusões
Visão Dividida Mostrar Estatísticas Diff
  1. 8 0
      Documentation/sysctl/kernel.txt
  2. 9 0
      kernel/sysctl.c

+ 8 - 0
Documentation/sysctl/kernel.txt
Ver Ficheiro 

@@ -24,6 +24,7 @@ show up in /proc/sys/kernel:
 
 - bootloader_type	     [ X86 only ]
 
 - bootloader_version	     [ X86 only ]
 
 - callhome		     [ S390 only ]
 
+- cap_last_cap
 
 - core_pattern
 
 - core_pipe_limit
 
 - core_uses_pid
 
@@ -155,6 +156,13 @@ on has a service contract with IBM.
 
 
 ==============================================================
 
 
+cap_last_cap
 
+
 
+Highest valid capability of the running kernel.  Exports
 
+CAP_LAST_CAP from the kernel.
 
+
 
+==============================================================
 
+
 
 core_pattern:
 
 
 core_pattern is used to specify a core dumpfile pattern name.

+ 9 - 0
kernel/sysctl.c
Ver Ficheiro 

@@ -57,6 +57,7 @@
 
 #include <linux/pipe_fs_i.h>
 
 #include <linux/oom.h>
 
 #include <linux/kmod.h>
 
+#include <linux/capability.h>
 
 
 #include <asm/uaccess.h>
 
 #include <asm/processor.h>
 
@@ -134,6 +135,7 @@ static int minolduid;
 
 static int min_percpu_pagelist_fract = 8;
 
 
 static int ngroups_max = NGROUPS_MAX;
 
+static const int cap_last_cap = CAP_LAST_CAP;
 
 
 #ifdef CONFIG_INOTIFY_USER
 
 #include <linux/inotify.h>
 
@@ -740,6 +742,13 @@ static struct ctl_table kern_table[] = {
 
 		.mode		= 0444,
 
 		.proc_handler	= proc_dointvec,
 
 	},
 
+	{
 
+		.procname	= "cap_last_cap",
 
+		.data		= (void *)&cap_last_cap,
 
+		.maxlen		= sizeof(int),
 
+		.mode		= 0444,
 
+		.proc_handler	= proc_dointvec,
 
+	},
 
 #if defined(CONFIG_LOCKUP_DETECTOR)
 
 	{
 
 		.procname       = "watchdog",