Question:
The patch does the semantic equivalent of:
-#define cap_clear(c) do { cap_t(c) = 0; } while(0)
-#define cap_set_full(c) do { cap_t(c) = ~0; } while(0)
+# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
+# define cap_set_full(c) do { (c) = __cap_full_set; } while (0)
+# define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0)
Was it intentional, or an oversight, that this blows chunks in modules
that try to use cap_clear() or cap_set_full() because the __cap_*
symbols don't get an EXPORT_SYMBOL() attached to them?
Quoting [email protected] ([email protected]):
> Question:
>
> The patch does the semantic equivalent of:
>
> -#define cap_clear(c) do { cap_t(c) = 0; } while(0)
> -#define cap_set_full(c) do { cap_t(c) = ~0; } while(0)
>
> +# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
> +# define cap_set_full(c) do { (c) = __cap_full_set; } while (0)
> +# define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0)
>
> Was it intentional, or an oversight, that this blows chunks in modules
> that try to use cap_clear() or cap_set_full() because the __cap_*
> symbols don't get an EXPORT_SYMBOL() attached to them?
I think that's one big oops, and the following is needed.
>From 9c217a6280b559cca28edab621d2d22288ce0ac6 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn <[email protected]>
Date: Mon, 3 Dec 2007 09:59:50 -0500
Subject: [PATCH 1/1] capabilities: export __cap_ symbols
Export __cap_empty_set and friends so that the cap_clear(),
cap_set_full() and cap_set_init_eff() defines can be used
by modules.
Signed-off-by: Serge E. Hallyn <[email protected]>
---
kernel/capability.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/kernel/capability.c b/kernel/capability.c
index 9f2db55..064eb8a 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -29,6 +29,10 @@ const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET;
const kernel_cap_t __cap_full_set = CAP_FULL_SET;
const kernel_cap_t __cap_init_eff_set = CAP_INIT_EFF_SET;
+EXPORT_SYMBOL(__cap_empty_set);
+EXPORT_SYMBOL(__cap_full_set);
+EXPORT_SYMBOL(__cap_init_eff_set);
+
/*
* For sys_getproccap() and sys_setproccap(), any of the three
* capability set pointers may be NULL -- indicating that that set is
--
1.5.1.1.GIT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Serge E. Hallyn wrote:
> Quoting [email protected] ([email protected]):
>> Question:
>>
>> The patch does the semantic equivalent of:
>>
>> -#define cap_clear(c) do { cap_t(c) = 0; } while(0)
>> -#define cap_set_full(c) do { cap_t(c) = ~0; } while(0)
>>
>> +# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
>> +# define cap_set_full(c) do { (c) = __cap_full_set; } while (0)
>> +# define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0)
>>
>> Was it intentional, or an oversight, that this blows chunks in modules
>> that try to use cap_clear() or cap_set_full() because the __cap_*
>> symbols don't get an EXPORT_SYMBOL() attached to them?
Definitely an oversight. Thanks Serge for the fix!
Cheers
Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHV1SP+bHCR3gb8jsRAtikAJ9FEm6ETGa9qrr82kLI4ZtsACZ43gCgqIcY
GbuHBsxpaZtQDEgU/3OCgA0=
=A9+O
-----END PGP SIGNATURE-----