diff options
| author | NeilBrown <neilb@suse.com> | 2018-05-21 14:35:12 +1000 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-05-25 18:29:10 +0200 |
| commit | f497115d4cf8a430c5d9902ce35716ba5f9c21ef (patch) | |
| tree | 81943e7633cb50a334ca96c7a78b68fb6c47ad68 /tools/perf/scripts/python | |
| parent | staging: lustre: remove current_pid() and current_comm() (diff) | |
| download | linux-f497115d4cf8a430c5d9902ce35716ba5f9c21ef.tar.gz linux-f497115d4cf8a430c5d9902ce35716ba5f9c21ef.zip | |
staging: lustre: simplify capability dropping.
Lustre has a 'squash credentials' concept similar to the "anon_uid"
for nfsd. When accessing a file with squashed credentials, we
need to also drop capabilities.
Linux has cap_drop_fs_set() and cap_drop_nfsd_set(). Rather than
taking a completely different approach, this patch changes lustre
to use this same cap_drop_*_set() approach.
With this change we also drop CAP_MKNOD and CAP_MAC_OVERRIDE
which are probably appropriate, and don't drop
CAP_SYS_ADMIN or CAP_SYS_BOOT which should be irrelevant for
file permission checking
Calling both cap_drop_*_set() seems a bit clumsy, but gets
the job done.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions