| Message ID | 1377169317-5959-9-git-send-email-jlee@suse.com (mailing list archive) |
|---|---|
| State | RFC, archived |
| Headers | show |
On Thu 2013-08-22 19:01:47, Lee, Chun-Yi wrote: > From: Matthew Garrett <mjg@redhat.com> > > Secure boot adds certain policy requirements, including that root must not > be able to do anything that could cause the kernel to execute arbitrary code. > The simplest way to handle this would seem to be to add a new capability > and gate various functionality on that. We'll then strip it from the initial > capability set if required. There was some discussion about this before, right? And I don't think conclusion was it was acceptable...? > Signed-off-by: Matthew Garrett <mjg@redhat.com> > Acked-by: Lee, Chun-Yi <jlee@suse.com> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com> > --- > include/uapi/linux/capability.h | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h > index ba478fa..7109e65 100644 > --- a/include/uapi/linux/capability.h > +++ b/include/uapi/linux/capability.h > @@ -343,7 +343,11 @@ struct vfs_cap_data { > > #define CAP_BLOCK_SUSPEND 36 > > -#define CAP_LAST_CAP CAP_BLOCK_SUSPEND > +/* Allow things that trivially permit root to modify the running kernel */ > + > +#define CAP_COMPROMISE_KERNEL 37 > + > +#define CAP_LAST_CAP CAP_COMPROMISE_KERNEL > > #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) >
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h index ba478fa..7109e65 100644 --- a/include/uapi/linux/capability.h +++ b/include/uapi/linux/capability.h @@ -343,7 +343,11 @@ struct vfs_cap_data { #define CAP_BLOCK_SUSPEND 36 -#define CAP_LAST_CAP CAP_BLOCK_SUSPEND +/* Allow things that trivially permit root to modify the running kernel */ + +#define CAP_COMPROMISE_KERNEL 37 + +#define CAP_LAST_CAP CAP_COMPROMISE_KERNEL #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)