Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/capability.c | 5 | ||||
-rw-r--r-- | kernel/sysctl.c | 8 | ||||
-rw-r--r-- | kernel/sysctl_check.c | 5 |
3 files changed, 12 insertions, 6 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index 4e350a36ed6..14853be5944 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -3,7 +3,7 @@
 *
 * Copyright (C) 1997 Andrew Main <zefram@fysh.org>
 *
- * Integrated into 2.1.97+, Andrew G. Morgan <morgan@transmeta.com>
+ * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org>
 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
 */
@@ -14,9 +14,6 @@
 #include <linux/syscalls.h>
 #include <asm/uaccess.h>
-unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
-kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
-
 /*
 * This lock protects task->cap_* for all tasks including current.
 * Locking rule: acquire this prior to tasklist_lock.
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index c25e67e19af..067554bda8b 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -24,7 +24,7 @@
 #include <linux/slab.h>
 #include <linux/sysctl.h>
 #include <linux/proc_fs.h>
-#include <linux/capability.h>
+#include <linux/security.h>
 #include <linux/ctype.h>
 #include <linux/utsname.h>
 #include <linux/smp_lock.h>
@@ -371,6 +371,7 @@ static struct ctl_table kern_table[] = {
 .proc_handler = &proc_dointvec_taint,
 },
 #endif
+#ifdef CONFIG_SECURITY_CAPABILITIES
 {
 .procname = "cap-bound",
 .data = &cap_bset,
@@ -378,6 +379,7 @@ static struct ctl_table kern_table[] = {
 .mode = 0600,
 .proc_handler = &proc_dointvec_bset,
 },
+#endif /* def CONFIG_SECURITY_CAPABILITIES */
 #ifdef CONFIG_BLK_DEV_INITRD
 {
 .ctl_name = KERN_REALROOTDEV,
@@ -1872,10 +1874,11 @@ static int do_proc_dointvec_bset_conv(int *negp, unsigned long *lvalp,
 return 0;
 }
+#ifdef CONFIG_SECURITY_CAPABILITIES
 /*
 * init may raise the set.
 */
-
+
 int proc_dointvec_bset(struct ctl_table *table, int write, struct file *filp,
 void __user *buffer, size_t *lenp, loff_t *ppos)
 {
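Review bot: The `cap-bound` entry in kern_table (hunk @@ -371,6 +371,7 @@, closed by the `#endif` in @@ -378,6 +379,7 @@) is now built only under `CONFIG_SECURITY_CAPABILITIES`, but nothing at the entry says so or says where `cap_bset` is defined. This commit removes the definitions of `cap_bset` and `securebits` from kernel/capability.c, and their new home is not visible because the diffstat is limited to 'kernel'. A one-line comment above the entry would help, for example `/* system-wide capability bounding set; present only with CONFIG_SECURITY_CAPABILITIES */`. It is also worth confirming, outside what is shown here, that nothing built without that option still references either variable, and that the changelog states that `kernel.cap-bound` is absent on such kernels, since tooling that writes it to drop capabilities system-wide would then fail.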
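Review bot: In hunk @@ -1872,10 +1874,11 @@ the only documentation for `proc_dointvec_bset`, the write handler of a security-sensitive sysctl, is `init may raise the set.`, and the lone `-`/`+` pair keeps a blank line between that comment and the function it describes. Dropping the blank line and widening the comment would make the policy readable at the definition, for example `/* Handler for the cap-bound sysctl: values pass through do_proc_dointvec_bset_conv; only init may raise the set. */`. The function body lies between this hunk and the next and is not shown, so the wording should be checked against the actual permission test there.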
@@ -1889,6 +1892,7 @@ int proc_dointvec_bset(struct ctl_table *table, int write, struct file *filp,
 return do_proc_dointvec(table,write,filp,buffer,lenp,ppos,
 do_proc_dointvec_bset_conv,&op);
 }
+#endif /* def CONFIG_SECURITY_CAPABILITIES */
 /*
 * Taint values can only be increased
diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
index f47c33d1703..3c9ef5a7d57 100644
--- a/kernel/sysctl_check.c
+++ b/kernel/sysctl_check.c
@@ -38,7 +38,10 @@ static struct trans_ctl_table trans_kern_table[] = {
 { KERN_NODENAME, "hostname" },
 { KERN_DOMAINNAME, "domainname" },
+#ifdef CONFIG_SECURITY_CAPABILITIES
 { KERN_CAP_BSET, "cap-bound" },
+#endif /* def CONFIG_SECURITY_CAPABILITIES */
+
 { KERN_PANIC, "panic" },
 { KERN_REALROOTDEV, "real-root-dev" },
@@ -1532,7 +1535,9 @@ int sysctl_check_table(struct ctl_table *table)
 (table->strategy == sysctl_ms_jiffies) ||
 (table->proc_handler == proc_dostring) ||
 (table->proc_handler == proc_dointvec) ||
+#ifdef CONFIG_SECURITY_CAPABILITIES
 (table->proc_handler == proc_dointvec_bset) ||
+#endif /* def CONFIG_SECURITY_CAPABILITIES */
 (table->proc_handler == proc_dointvec_minmax) ||
 (table->proc_handler == proc_dointvec_jiffies) ||
 (table->proc_handler == proc_dointvec_userhz_jiffies) || |
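Review bot: In hunk @@ -1532,7 +1535,9 @@ the `#ifdef CONFIG_SECURITY_CAPABILITIES` / `#endif` pair sits inside the `||` chain of accepted `proc_handler` values in sysctl_check_table. That makes this validation expression harder to read and easy to break when a neighbouring handler is added or reordered. Kernel style prefers compiling out whole functions rather than parts of an expression, so a small helper that is constant 0 when the option is off keeps the chain to one unconditional line. The helper name below is only a suggestion, and the start and end of the condition are outside the hunk.

```c
#ifdef CONFIG_SECURITY_CAPABILITIES
static int sysctl_check_is_bset(struct ctl_table *table)
{
	return table->proc_handler == proc_dointvec_bset;
}
#else
static int sysctl_check_is_bset(struct ctl_table *table)
{
	return 0;
}
#endif

	/* … unchanged: earlier handlers in the || chain … */
		sysctl_check_is_bset(table) ||
	/* … unchanged: remaining handlers in the || chain … */
```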