]> git.baikalelectronics.ru Git - kernel.git/commit
security: filesystem capabilities refactor kernel code
authorAndrew G. Morgan <morgan@kernel.org>
Thu, 24 Jul 2008 04:28:25 +0000 (21:28 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 24 Jul 2008 17:47:22 +0000 (10:47 -0700)
commit78390b2f5206336b6e579a8197f1660db3f88f09
tree110f60462a54e869402346b5ae9cfaed012cf8f4
parent7bc06d39118fdee0e9d0d5248dcd2794048b0162
security: filesystem capabilities refactor kernel code

To date, we've tried hard to confine filesystem support for capabilities
to the security modules.  This has left a lot of the code in
kernel/capability.c in a state where it looks like it supports something
that filesystem support for capabilities actually suppresses when the LSM
security/commmoncap.c code runs.  What is left is a lot of code that uses
sub-optimal locking in the main kernel

With this change we refactor the main kernel code and make it explicit
which locks are needed and that the only remaining kernel races in this
area are associated with non-filesystem capability code.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/capability.c