Commit b0fafa81 authored by David Howells's avatar David Howells Committed by James Morris

CRED: Wrap task credential accesses in the block loopback driver

Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 350b4da7
...@@ -936,8 +936,10 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) ...@@ -936,8 +936,10 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
{ {
int err; int err;
struct loop_func_table *xfer; struct loop_func_table *xfer;
uid_t uid = current_uid();
if (lo->lo_encrypt_key_size && lo->lo_key_owner != current->uid && if (lo->lo_encrypt_key_size &&
lo->lo_key_owner != uid &&
!capable(CAP_SYS_ADMIN)) !capable(CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
if (lo->lo_state != Lo_bound) if (lo->lo_state != Lo_bound)
...@@ -992,7 +994,7 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) ...@@ -992,7 +994,7 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
if (info->lo_encrypt_key_size) { if (info->lo_encrypt_key_size) {
memcpy(lo->lo_encrypt_key, info->lo_encrypt_key, memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
info->lo_encrypt_key_size); info->lo_encrypt_key_size);
lo->lo_key_owner = current->uid; lo->lo_key_owner = uid;
} }
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment