netlink: kill eff_cap from struct netlink_skb_parms
authorPatrick McHardy <kaber@trash.net>
Thu, 3 Mar 2011 21:32:07 +0000 (13:32 -0800)
committerDavid S. Miller <davem@davemloft.net>
Thu, 3 Mar 2011 21:32:07 +0000 (13:32 -0800)
Netlink message processing in the kernel is synchronous these days, so
capabilities can be checked directly in security_netlink_recv() from
the current process.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Reviewed-by: James Morris <jmorris@namei.org>
[chrisw: update to include pohmelfs and uvesafb]
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/block/drbd/drbd_nl.c
drivers/md/dm-log-userspace-transfer.c
drivers/staging/pohmelfs/config.c
drivers/video/uvesafb.c
include/linux/netlink.h
net/netlink/af_netlink.c
security/commoncap.c

index 8cbfaa687d723152b27955cfbc4a43c1af858121..fe81c851ca8800fdce14bccc3c7be032b7263669 100644 (file)
@@ -2177,7 +2177,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms
                return;
        }
 
-       if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {
+       if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) {
                retcode = ERR_PERM;
                goto fail;
        }
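Review bot: The new `cap_raised(current_cap(), CAP_SYS_ADMIN)` check in drbd_connector_callback() is only sound if the connector core always invokes the callback synchronously in the sending task's context, and nothing in the hunk documents that. If the callback were ever dispatched from a workqueue or kernel thread, the check would test that thread's capabilities instead of the sender's and would presumably always pass. The same assumption applies to the identical changes in cn_ulog_callback(), pohmelfs_cn_callback() and uvesafb_cn_callback(). I would add a comment above each check, for example `/* Called synchronously in the sender's context, so current_cap() is the sender's effective set. */`, so that a later move to deferred processing is caught in review. The function body starts and ends outside the hunk.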
index 049eaf12aaab93465889a3dd5fe01e78955fb514..1f23e048f07713846531d7e1e5ca62588a572d42 100644 (file)
@@ -134,7 +134,7 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp)
 {
        struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1);
 
-       if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+       if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
                return;
 
        spin_lock(&receiving_list_lock);
index 89279ba1b7378aee57230d1964d072fb4b38e703..39413b7d387d1c341cfab722dd629996acd07414 100644 (file)
@@ -525,7 +525,7 @@ static void pohmelfs_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *n
 {
        int err;
 
-       if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+       if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
                return;
 
        switch (msg->flags) {
index 52ec0959d462aedeff308ff3106acfd53f0a0ff1..5180a215d781337912c4e71d6a8e0cdbdd35ba55 100644 (file)
@@ -73,7 +73,7 @@ static void uvesafb_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *ns
        struct uvesafb_task *utask;
        struct uvesafb_ktask *task;
 
-       if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+       if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
                return;
 
        if (msg->seq >= UVESAFB_TASKS_MAX)
index 66823b8620227d3f9cba8761927e984b24b350ed..4c4ac3f3ce5a9968b0b5f2c7534ebc04faa74248 100644 (file)
@@ -160,7 +160,6 @@ struct netlink_skb_parms {
        struct ucred            creds;          /* Skb credentials      */
        __u32                   pid;
        __u32                   dst_group;
-       kernel_cap_t            eff_cap;
 };
 
 #define NETLINK_CB(skb)                (*(struct netlink_skb_parms*)&((skb)->cb))
index 97ecd923d7ee36517ad8570849c6b0014067ba88..a808fb1e877d43276e8114953afe551f291fd548 100644 (file)
@@ -1364,12 +1364,6 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
        NETLINK_CB(skb).dst_group = dst_group;
        memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
 
-       /* What can I do? Netlink is asynchronous, so that
-          we will have to save current capabilities to
-          check them, when this message will be delivered
-          to corresponding kernel module.   --ANK (980802)
-        */
-
        err = -EFAULT;
        if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
                kfree_skb(skb);
index 64c2ed9c90158d1b7df59eff08595566d3dc1927..a83e607d91c343744d66624608661320776a0c87 100644 (file)
@@ -52,13 +52,12 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
 
 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
-       NETLINK_CB(skb).eff_cap = current_cap();
        return 0;
 }
 
 int cap_netlink_recv(struct sk_buff *skb, int cap)
 {
-       if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
+       if (!cap_raised(current_cap(), cap))
                return -EPERM;
        return 0;
 }
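Review bot: After this change `cap_netlink_recv()` never reads `skb`, so the hook authorizes whichever task is currently running rather than anything carried with the message, and that contract is not documented. A comment above the function would make it explicit, e.g. `/* Checks the calling task's effective capabilities; skb is unused. Only valid when called synchronously from the sender's context. */`. `cap_netlink_send()` is now an empty hook that only returns 0, so a one-line comment saying nothing is recorded at send time would stop a reader from looking for the saved capability.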