|
Linux Kernel
3.7.1
|
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
|
Linux Kernel
3.7.1
|
#include <linux/capability.h>#include <linux/init.h>#include <linux/key.h>#include <linux/selinux.h>#include <linux/atomic.h>#include <linux/uidgid.h>Go to the source code of this file.
Data Structures | |
| struct | group_info |
| struct | cred |
Variables | |
| struct group_info | init_groups |
| struct user_namespace | init_user_ns |
| #define __task_cred | ( | task | ) | rcu_dereference((task)->real_cred) |
| #define current_cap | ( | ) | (current_cred_xxx(cap_effective)) |
| #define current_cred | ( | ) | rcu_dereference_protected(current->cred, 1) |
| #define current_cred_xxx | ( | xxx | ) |
| #define current_egid | ( | ) | (current_cred_xxx(egid)) |
| #define current_euid | ( | ) | (current_cred_xxx(euid)) |
| #define current_euid_egid | ( | _euid, | |
| _egid | |||
| ) |
| #define current_fsgid | ( | ) | (current_cred_xxx(fsgid)) |
| #define current_fsuid | ( | ) | (current_cred_xxx(fsuid)) |
| #define current_fsuid_fsgid | ( | _fsuid, | |
| _fsgid | |||
| ) |
| #define current_gid | ( | ) | (current_cred_xxx(gid)) |
| #define current_security | ( | ) | (current_cred_xxx(security)) |
| #define current_sgid | ( | ) | (current_cred_xxx(sgid)) |
| #define current_suid | ( | ) | (current_cred_xxx(suid)) |
| #define current_uid | ( | ) | (current_cred_xxx(uid)) |
| #define current_uid_gid | ( | _uid, | |
| _gid | |||
| ) |
| #define current_user | ( | ) | (current_cred_xxx(user)) |
| #define current_user_ns | ( | void | ) | (&init_user_ns) |
| #define get_current_cred | ( | ) | (get_cred(current_cred())) |
| #define get_current_groups | ( | ) |
get_current_groups - Get the current task's supplementary group list
Get the supplementary group list of the current task, pinning it so that it can't go away.
| #define get_current_user | ( | ) |
get_current_user - Get the current task's user_struct
Get the user record of the current task, pinning it so that it can't go away.
| #define GROUP_AT | ( | gi, | |
| i | |||
| ) | ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK]) |
| #define put_group_info | ( | group_info | ) |
put_group_info - Release a reference to a group info structure : The group info to release
| #define task_cred_xxx | ( | task, | |
| xxx | |||
| ) |
| #define task_euid | ( | task | ) | (task_cred_xxx((task), euid)) |
| #define task_user_ns | ( | task | ) | (&init_user_ns) |
commit_creds - Install new credentials upon the current task : The credentials to be assigned
Install a new set of credentials to the current task, using RCU to replace the old set. Both the objective and the subjective credentials pointers are updated. This function may not be called if the subjective credentials are in an overridden state.
This function eats the caller's reference to the new credentials.
Always returns 0 thus allowing this function to be tail-called at the end of, say, sys_setgid().
| int copy_creds | ( | struct task_struct * | , |
| unsigned | long | ||
| ) |
| void exit_creds | ( | struct task_struct * | ) |
|
read |
get_task_cred - Get another task's objective credentials : The task to query
Get the objective credentials of a task, pinning them so that they can't go away. Accessing a task's credentials directly is not permitted.
The caller must also make sure task doesn't get deleted, either by holding a ref on task or by holding tasklist_lock to prevent it from being unlinked.
|
read |
| void groups_free | ( | struct group_info * | ) |
prepare_creds - Prepare a new set of credentials for modification
Prepare a new set of task credentials for modification. A task's creds shouldn't generally be modified directly, therefore this function is used to prepare a new copy, which the caller then modifies and then commits by calling commit_creds().
Preparation involves making a copy of the objective creds for modification.
Returns a pointer to the new creds-to-be if successful, NULL otherwise.
Call commit_creds() or abort_creds() to clean up.
|
read |
prepare_kernel_cred - Prepare a set of credentials for a kernel service : A userspace daemon to be used as a reference
Prepare a set of credentials for a kernel service. This can then be used to override a task's own credentials so that work can be done on behalf of that task that requires a different subjective context.
is used to provide a base for the security record, but can be NULL. If is supplied, then the security data will be derived from that; otherwise they'll be set to 0 and no groups, full capabilities and no keys.
The caller may change these controls afterwards if desired.
Returns the new credentials or NULL if out of memory.
Does not take, and does not return holding current->cred_replace_mutex.
set_create_files_as - Set the LSM file create context in a set of credentials : The credentials to alter : The inode to take the context from
Change the LSM file creation context in a set of credentials to be the same as the object context of the specified inode, so that the new inodes have the same MAC context as that inode.
| int set_current_groups | ( | struct group_info * | group_info | ) |
| int set_groups | ( | struct cred * | new, |
| struct group_info * | group_info | ||
| ) |
set_security_override_from_ctx - Set the security ID in a set of credentials : The credentials to alter : The LSM security context to generate the security ID from.
Set the LSM security ID in a set of credentials so that the subjective security is overridden when an alternative set of credentials is used. The security ID is specified in string form as a security context to be interpreted by the LSM.
| struct group_info init_groups |
| struct user_namespace init_user_ns |
1.8.2