Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel/ksysfs.c: expose file_caps_enabled in sysfs

A kernel booted with no_file_caps allows installing fscaps on a binary
but doesn't actually honor the fscaps when running the binary. Userspace
currently has no sane way to determine whether installing fscaps
actually has any effect. Since parsing /proc/cmdline is fragile, this
patch exposes the current setting (1 or 0) via /sys/kernel/fscaps.

Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Authored by Ludwig Nussel and committed by Greg Kroah-Hartman
088ab0b4 aed65af1

+18
+8
Documentation/ABI/testing/sysfs-kernel-fscaps
··· 1 + What: /sys/kernel/fscaps 2 + Date: February 2011 3 + KernelVersion: 2.6.38 4 + Contact: Ludwig Nussel <ludwig.nussel@suse.de> 5 + Description 6 + Shows whether file system capabilities are honored 7 + when executing a binary 8 +
+10
kernel/ksysfs.c
··· 16 16 #include <linux/kexec.h> 17 17 #include <linux/profile.h> 18 18 #include <linux/sched.h> 19 + #include <linux/capability.h> 19 20 20 21 #define KERNEL_ATTR_RO(_name) \ 21 22 static struct kobj_attribute _name##_attr = __ATTR_RO(_name) ··· 132 131 133 132 #endif /* CONFIG_KEXEC */ 134 133 134 + /* whether file capabilities are enabled */ 135 + static ssize_t fscaps_show(struct kobject *kobj, 136 + struct kobj_attribute *attr, char *buf) 137 + { 138 + return sprintf(buf, "%d\n", file_caps_enabled); 139 + } 140 + KERNEL_ATTR_RO(fscaps); 141 + 135 142 /* 136 143 * Make /sys/kernel/notes give the raw contents of our kernel .notes section. 137 144 */ ··· 167 158 EXPORT_SYMBOL_GPL(kernel_kobj); 168 159 169 160 static struct attribute * kernel_attrs[] = { 161 + &fscaps_attr.attr, 170 162 #if defined(CONFIG_HOTPLUG) 171 163 &uevent_seqnum_attr.attr, 172 164 &uevent_helper_attr.attr,
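Review bot: In Documentation/ABI/testing/sysfs-kernel-fscaps, the Description field is missing the colon that What:, Date:, KernelVersion: and Contact: all carry, and its text never says what the file actually contains. The commit message gives the values as 1 or 0, so the description should state that the file reads 1 when file_caps_enabled is set and 0 when it is not (for example after booting with no_file_caps), since this entry is the contract userspace tools will code against.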
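Review bot: In fscaps_show() in kernel/ksysfs.c, the attribute is named fscaps while the value printed is file_caps_enabled and the commit subject says "expose file_caps_enabled"; a sysfs name is hard to change once userspace depends on it, so consider a name that reads as an on/off state, or at least extend the one-line comment above the function to say the output is 0 or 1 followed by a newline. The sprintf() with the fixed "%d\n" format is bounded, so there is no length concern in this function.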
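Review bot: In kernel_attrs[], &fscaps_attr.attr is added outside any #if, unlike the CONFIG_HOTPLUG entries directly below it, and fscaps_show() is unconditional as well. Please confirm that file_caps_enabled, pulled in through the new #include <linux/capability.h>, is defined in every configuration that builds kernel/ksysfs.c; if it is not, the show function and the array entry need a matching guard.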