summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-01-03 12:25:15 -0500
committerEric Paris <eparis@redhat.com>2012-01-05 18:52:54 -0500
commitc7eba4a97563fd8b431787f7ad623444f2da80c6 (patch)
tree12041949c45c2f394d6a96041c39e07ad6df720b
parentb7e724d303b684655e4ca3dabd5a6840ad19012d (diff)
downloadlwn-c7eba4a97563fd8b431787f7ad623444f2da80c6.tar.gz
lwn-c7eba4a97563fd8b431787f7ad623444f2da80c6.zip
capabilities: introduce security_capable_noaudit
Exactly like security_capable except don't audit any denials. This is for places where the kernel may make decisions about what to do if a task has a given capability, but which failing that capability is not a sign of a security policy violation. An example is checking if a task has CAP_SYS_ADMIN to lower it's likelyhood of being killed by the oom killer. This check is not a security violation if it is denied. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
-rw-r--r--include/linux/security.h7
-rw-r--r--security/security.c6
2 files changed, 13 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index ee969ff40a26..caff54eee686 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1668,6 +1668,8 @@ int security_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *permitted);
int security_capable(const struct cred *cred, struct user_namespace *ns,
int cap);
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
+ int cap);
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
int cap);
int security_real_capable_noaudit(struct task_struct *tsk,
@@ -1869,6 +1871,11 @@ static inline int security_capable(const struct cred *cred,
return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}
+static inline int security_capable_noaudit(const struct cred *cred,
+ struct user_namespace *ns, int cap) {
+ return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
+}
+
static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
{
int ret;
diff --git a/security/security.c b/security/security.c
index b9e57f4fc44a..b7edaae77d1d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -160,6 +160,12 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
+ int cap)
+{
+ return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
+}
+
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
int cap)
{