Re: [PATCH resend] define convenient securebits masks for prctlusers
From: Stephen Rothwell
Date: Wed Oct 28 2009 - 22:33:22 EST
Hi Serge,
On Wed, 28 Oct 2009 09:02:36 -0500 "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote:
>
> [ Are there any objections to exporting securebits.h? If not,
> can this patch be pushed to linux-next? ]
I am not sure which tree this belongs in? Maybe security-testing (James
cc'd)?
> diff --git a/include/linux/securebits.h b/include/linux/securebits.h
> index d2c5ed8..9ad109e 100644
> --- a/include/linux/securebits.h
> +++ b/include/linux/securebits.h
> @@ -1,6 +1,13 @@
> #ifndef _LINUX_SECUREBITS_H
> #define _LINUX_SECUREBITS_H 1
>
> +/* Each securesetting is implemented using two bits. One bit specifies
> + whether the setting is on or off. The other bit specify whether the
> + setting is locked or not. A setting which is locked cannot be
> + changed from user-level. */
> +#define issecure_mask(X) (1 << (X))
> +#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
You want this second define protected by ifdef __KERNEL__ ...
--
Cheers,
Stephen Rothwell sfr@xxxxxxxxxxxxxxxx
http://www.canb.auug.org.au/~sfr/
Attachment:
pgp00000.pgp
Description: PGP signature