Skip to content
Snippets Groups Projects
Select Git revision
  • seco_lf-6.6.23-2.0.0_trizeps8plus-dev
  • seco_lf-5.10.y default protected
  • integrate/gitlab-ci/cleaos-640-automatic-release-creation/into/seco_lf-5.10.y
  • integrate/gitlab-ci/SW-1821-goals-2024-cybersecurity-reports-in-edgehog/into/seco_lf-5.10.y
  • seco_lf-6.6.23-2.0.0_e88-dev
  • seco_lf-5.10.y-mx8m_sscg
  • niccolor/f03-porting
  • jonas/Draft-eeprom-nvmem-driver-stub
  • tkah/e83_test_ext_eeprom
  • seco_lf-6.6.23-2.0.0_e39-e77-dev
  • oleksii/myon2_next
  • oleksii/adc081c-add-support-of-IIO-events-on-ALERT-pin
  • integrate/gitlab-ci/test-after-token-rotation-and-blocked-gitbot-user/into/seco_lf-5.10.y
  • integrate/gitlab-ci/test-after-token-rotation/into/seco_lf-5.10.y
  • seco_lf-6.6.23-2.0.0
  • integrate/gitlab-ci/cleaos-492-manage-machines-and-distros-for-custom-projects/into/seco_lf-5.10.y
  • integrate/gitlab-ci/test-gitlab-service-account/into/seco_lf-5.10.y
  • integrate/gitlab-ci/cleaos-526-create-mirror-of-yocto-packages-test-performance1/into/seco_lf-5.10.y
  • seco_lf-5.10.y_d18-e71-dev
  • seco_lf-5.10.y-d18_tlv_rst
  • lf-6.1.55-2.2.1
  • lf-6.6.3-1.0.0
  • lf-6.6.3-imx95-er2
  • lf-6.1.55-2.2.0
  • lf-6.6.y-imx95-er1
  • lf-5.15.71-2.2.2
  • lf-6.1.36-2.1.0
  • lf-5.15.71-2.2.1
  • lf-6.1.22-2.0.0
  • lf-6.1.1-1.0.1
  • rel_imx_5.4.24_2.1.4
  • rel_imx_4.9.88_2.0.13
  • rel_imx_4.14.98_2.3.5
  • lf-6.1.1-1.0.0
  • rel_imx_5.4.3_2.0.2
  • lf-5.15.71-2.2.0
  • lf-5.10.72-2.2.3
  • lf-5.15.52-2.1.0
  • imx_5.15.52_imx8ulp_er1
  • lf-5.10.72-2.2.2
40 results
Blame History Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
capability.c 14.77 KiB 
// SPDX-License-Identifier: GPL-2.0
/*
 * linux/kernel/capability.c
 *
 * Copyright (C) 1997  Andrew Main <zefram@fysh.org>
 *
 * Integrated into 2.1.97+,  Andrew G. Morgan <morgan@kernel.org>
 * 30 May 2002:	Cleanup, Robert M. Love <rml@tech9.net>
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/audit.h>
#include <linux/capability.h>
#include <linux/mm.h>
#include <linux/export.h>
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/pid_namespace.h>
#include <linux/user_namespace.h>
#include <linux/uaccess.h>

/*
 * Leveraged for setting/resetting capabilities
 */

const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET;
EXPORT_SYMBOL(__cap_empty_set);

int file_caps_enabled = 1;

static int __init file_caps_disable(char *str)
{
	file_caps_enabled = 0;
	return 1;
}
__setup("no_file_caps", file_caps_disable);

#ifdef CONFIG_MULTIUSER
/*
 * More recent versions of libcap are available from:
 *
 *   http://www.kernel.org/pub/linux/libs/security/linux-privs/
 */

static void warn_legacy_capability_use(void)
{
	char name[sizeof(current->comm)];

	pr_info_once("warning: `%s' uses 32-bit capabilities (legacy support in use)\n",
		     get_task_comm(name, current));
}

/*
 * Version 2 capabilities worked fine, but the linux/capability.h file
 * that accompanied their introduction encouraged their use without
 * the necessary user-space source code changes. As such, we have
 * created a version 3 with equivalent functionality to version 2, but
 * with a header change to protect legacy source code from using
 * version 2 when it wanted to use version 1. If your system has code
 * that trips the following warning, it is using version 2 specific
 * capabilities and may be doing so insecurely.
 *
 * The remedy is to either upgrade your version of libcap (to 2.10+,
 * if the application is linked against it), or recompile your
 * application with modern kernel headers and this warning will go
 * away.
 */

static void warn_deprecated_v2(void)