[1/2] capability: export has_capability
diff mbox

Message ID 1482336616-19252-2-git-send-email-jike.song@intel.com
State New
Headers show

Commit Message

Jike Song Dec. 21, 2016, 4:10 p.m. UTC
has_capability() is sometimes needed by modules to test capability
for specified task other than current, so export it.

Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Kirti Wankhede <kwankhede@nvidia.com>
Signed-off-by: Jike Song <jike.song@intel.com>
---
 kernel/capability.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Alex Williamson Jan. 11, 2017, 6:47 p.m. UTC | #1
On Thu, 22 Dec 2016 00:10:15 +0800
Jike Song <jike.song@intel.com> wrote:

> has_capability() is sometimes needed by modules to test capability
> for specified task other than current, so export it.
> 
> Cc: Alex Williamson <alex.williamson@redhat.com>
> Cc: Kirti Wankhede <kwankhede@nvidia.com>
> Signed-off-by: Jike Song <jike.song@intel.com>
> ---
>  kernel/capability.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/kernel/capability.c b/kernel/capability.c
> index 4984e1f..e2e198c 100644
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -318,6 +318,7 @@ bool has_capability(struct task_struct *t, int cap)
>  {
>  	return has_ns_capability(t, &init_user_ns, cap);
>  }
> +EXPORT_SYMBOL(has_capability);
>  
>  /**
>   * has_ns_capability_noaudit - Does a task have a capability (unaudited)

Are we using EXPORT_SYMBOL vs EXPORT_SYMBOL_GPL here to match the other
exports in this file?  We could use _GPL to match the expected caller
of this.


Serge,

Do you have any comments on this patch?  I'd be happy to pull it
through the vfio tree with an appropriate Ack.  Thanks,

Alex
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jike Song Jan. 12, 2017, 12:56 a.m. UTC | #2
On 01/12/2017 02:47 AM, Alex Williamson wrote:
> On Thu, 22 Dec 2016 00:10:15 +0800
> Jike Song <jike.song@intel.com> wrote:
> 
>> has_capability() is sometimes needed by modules to test capability
>> for specified task other than current, so export it.
>>
>> Cc: Alex Williamson <alex.williamson@redhat.com>
>> Cc: Kirti Wankhede <kwankhede@nvidia.com>
>> Signed-off-by: Jike Song <jike.song@intel.com>
>> ---
>>  kernel/capability.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/kernel/capability.c b/kernel/capability.c
>> index 4984e1f..e2e198c 100644
>> --- a/kernel/capability.c
>> +++ b/kernel/capability.c
>> @@ -318,6 +318,7 @@ bool has_capability(struct task_struct *t, int cap)
>>  {
>>  	return has_ns_capability(t, &init_user_ns, cap);
>>  }
>> +EXPORT_SYMBOL(has_capability);
>>  
>>  /**
>>   * has_ns_capability_noaudit - Does a task have a capability (unaudited)
> 
> Are we using EXPORT_SYMBOL vs EXPORT_SYMBOL_GPL here to match the other
> exports in this file?  We could use _GPL to match the expected caller
> of this.
> 

Yes, I chose EXPORT_SYMBOL to match the existing exports in capability.c.
Either is good to me, of course :)

> 
> Serge,
> 
> Do you have any comments on this patch?  I'd be happy to pull it
> through the vfio tree with an appropriate Ack.  Thanks,

Guess Serge still on Xmas vocation? :)

--
Thanks,
Jike
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Serge E. Hallyn Jan. 12, 2017, 6:45 a.m. UTC | #3
On Wed, Jan 11, 2017 at 01:47:01PM -0500, Alex Williamson wrote:
> On Thu, 22 Dec 2016 00:10:15 +0800
> Jike Song <jike.song@intel.com> wrote:
> 
> > has_capability() is sometimes needed by modules to test capability
> > for specified task other than current, so export it.
> > 
> > Cc: Alex Williamson <alex.williamson@redhat.com>
> > Cc: Kirti Wankhede <kwankhede@nvidia.com>
> > Signed-off-by: Jike Song <jike.song@intel.com>
> > ---
> >  kernel/capability.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/kernel/capability.c b/kernel/capability.c
> > index 4984e1f..e2e198c 100644
> > --- a/kernel/capability.c
> > +++ b/kernel/capability.c
> > @@ -318,6 +318,7 @@ bool has_capability(struct task_struct *t, int cap)
> >  {
> >  	return has_ns_capability(t, &init_user_ns, cap);
> >  }
> > +EXPORT_SYMBOL(has_capability);
> >  
> >  /**
> >   * has_ns_capability_noaudit - Does a task have a capability (unaudited)
> 
> Are we using EXPORT_SYMBOL vs EXPORT_SYMBOL_GPL here to match the other
> exports in this file?  We could use _GPL to match the expected caller
> of this.
> 
> 
> Serge,
> 
> Do you have any comments on this patch?  I'd be happy to pull it
> through the vfio tree with an appropriate Ack.  Thanks,

Sure, thanks, looks good to me.

Acked-by: Serge Hallyn <serge@hallyn.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/kernel/capability.c b/kernel/capability.c
index 4984e1f..e2e198c 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -318,6 +318,7 @@  bool has_capability(struct task_struct *t, int cap)
 {
 	return has_ns_capability(t, &init_user_ns, cap);
 }
+EXPORT_SYMBOL(has_capability);
 
 /**
  * has_ns_capability_noaudit - Does a task have a capability (unaudited)