Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754827Ab2JEODY (ORCPT <rfc822;w@1wt.eu>);
	Fri, 5 Oct 2012 10:03:24 -0400
Received: from 50-56-35-84.static.cloud-ips.com ([50.56.35.84]:38166 "EHLO
	mail.hallyn.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752956Ab2JEODW (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 5 Oct 2012 10:03:22 -0400
Date: Fri, 5 Oct 2012 14:05:19 +0000
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Andrew Vagin <avagin@openvz.org>
Cc: linux-kernel@vger.kernel.org, criu@openvz.org,
        Pavel Emelyanov <xemul@parallels.com>,
        Cyrill Gorcunov <gorcunov@openvz.org>,
        Serge Hallyn <serge.hallyn@canonical.com>,
        linux-security-module@vger.kernel.org,
        Andrew Morgan <morgan@kernel.org>
Subject: Re: [PATCH] proc: don't show nonexistent capabilities
Message-ID: <20121005140519.GA28890@mail.hallyn.com>
References: <1349209832-279922-1-git-send-email-avagin@openvz.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1349209832-279922-1-git-send-email-avagin@openvz.org>
User-Agent: Mutt/1.5.20 (2009-06-14)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2449
Lines: 62

Quoting Andrew Vagin (avagin@openvz.org):
> Without this patch it is really hard to interpret a bounding set,
> if CAP_LAST_CAP is unknown for a current kernel.

To be clear, note that you *can* figure it out using
prctl(PR_CAPBSET_DROP).  But this is a nice improvement.

> Non-existant capabilities can not be deleted from a bounding set
> with help of prctl.
> 
> E.g.: Here are two examples without/with this patch.
> CapBnd:	ffffffe0fdecffff
> CapBnd:	00000000fdecffff
> 
> I suggest to hide non-existent capabilities. Here is two reasons.
> * It's logically and easier for using.
> * It helps to checkpoint-restore capabilities of tasks, because tasks
> can be restored on another kernel, where CAP_LAST_CAP is bigger.
> 
> Cc: Serge Hallyn <serge.hallyn@canonical.com>

Thanks, Andrew.  I saw your other email about having run LTP, I didn't
see any problems from userspace either.  Great idea!

Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>

Still it's been like that for so long that, just to be safe, I'm cc:ing
Andrew Morgan - can you see any problems with this?

> Cc: Pavel Emelyanov <xemul@parallels.com>
> Signed-off-by: Andrew Vagin <avagin@openvz.org>
> ---
>  include/linux/capability.h |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index d10b7ed..1642778 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -420,7 +420,8 @@ extern const kernel_cap_t __cap_init_eff_set;
>  #else /* HAND-CODED capability initializers */
>  
>  # define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
> -# define CAP_FULL_SET     ((kernel_cap_t){{ ~0, ~0 }})
> +# define CAP_FULL_SET     ((kernel_cap_t){{ ~0, \
> +					CAP_TO_MASK(CAP_LAST_CAP + 1) - 1 } })
>  # define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0 \
>  				    | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
>  				    CAP_FS_MASK_B1 } })
> -- 
> 1.7.1
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/