capabilities: remove task_ns_* functions

task_ in the front of a function, in the security subsystem anyway, means
to me at least, that we are operating with that task as the subject of the
security decision.  In this case what it means is that we are using current as
the subject but we use the task to get the right namespace.  Who in the world
would ever realize that's what task_ns_capability means just by the name?  This
patch eliminates the task_ns functions entirely and uses the has_ns_capability
function instead.  This means we explicitly open code the ns in question in
the caller.  I think it makes the caller a LOT more clear what is going on.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 63f59fa8769db12e2d8dfcf927a67f261650fd8c..e3e8d9cb9b08e5983d39228cc9a110c77ae06d77 100644 (file)
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -547,7 +547,6 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
                                      struct user_namespace *ns, int cap);
 extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
-extern bool task_ns_capable(struct task_struct *t, int cap);
 extern bool nsown_capable(int cap);
 
 /* audit system wants to get cap info from files as well */

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 40308969ed005239b1b27889c8eccf3f89d6fcbe..adadf71a73271347a5c170df3b1c5490da073910 100644 (file)
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -358,10 +358,12 @@ static inline void put_cred(const struct cred *_cred)
 #define current_security()     (current_cred_xxx(security))
 
 #ifdef CONFIG_USER_NS
-#define current_user_ns() (current_cred_xxx(user_ns))
+#define current_user_ns()      (current_cred_xxx(user_ns))
+#define task_user_ns(task)     (task_cred_xxx((task), user_ns))
 #else
 extern struct user_namespace init_user_ns;
-#define current_user_ns() (&init_user_ns)
+#define current_user_ns()      (&init_user_ns)
+#define task_user_ns(task)     (&init_user_ns)
 #endif
 
 

diff --git a/kernel/capability.c b/kernel/capability.c
index 47626446c39affe8247c38787bf83f5c40a0a643..74fb3b6030451ea3514ffeed6554818793a67c59 100644 (file)
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -408,20 +408,6 @@ bool capable(int cap)
 }
 EXPORT_SYMBOL(capable);
 
-/**
- * task_ns_capable - Determine whether current task has a superior
- * capability targeted at a specific task's user namespace.
- * @t: The task whose user namespace is targeted.
- * @cap: The capability in question.
- *
- *  Return true if it does, false otherwise.
- */
-bool task_ns_capable(struct task_struct *t, int cap)
-{
-       return ns_capable(task_cred_xxx(t, user)->user_ns, cap);
-}
-EXPORT_SYMBOL(task_ns_capable);
-
 /**
  * nsown_capable - Check superior capability to one's own user_ns
  * @cap: The capability in question

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index a70d2a5d8c7b1fd4bbbefb2d918136f5ce933875..210bbf045ee983697ea6c187d5d537e32ad0c779 100644 (file)
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -196,7 +196,7 @@ ok:
        smp_rmb();
        if (task->mm)
                dumpable = get_dumpable(task->mm);
-       if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE))
+       if (!dumpable && !ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
                return -EPERM;
 
        return security_ptrace_access_check(task, mode);
@@ -266,7 +266,7 @@ static int ptrace_attach(struct task_struct *task, long request,
        task->ptrace = PT_PTRACED;
        if (seize)
                task->ptrace |= PT_SEIZED;
-       if (task_ns_capable(task, CAP_SYS_PTRACE))
+       if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
                task->ptrace |= PT_PTRACE_CAP;
 
        __ptrace_link(task, current);

diff --git a/kernel/sched.c b/kernel/sched.c
index b50b0f0c9aa90cc6d313ccd95573d39f256f90d1..5670028a9c162eeea70e5d774bd2071b7e18a920 100644 (file)
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -5409,7 +5409,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
                goto out_free_cpus_allowed;
        }
        retval = -EPERM;
-       if (!check_same_owner(p) && !task_ns_capable(p, CAP_SYS_NICE))
+       if (!check_same_owner(p) && !ns_capable(task_user_ns(p), CAP_SYS_NICE))
                goto out_unlock;
 
        retval = security_task_setscheduler(p);