* Patrick McHardy (kaber@xxxxxxxxx) wrote:
> commit 8ff259625f0ab295fa085b0718eed13093813fbc
> Author: Patrick McHardy <kaber@xxxxxxxxx>
> Date: Thu Mar 3 10:17:31 2011 +0100
>
> netlink: kill eff_cap from struct netlink_skb_parms
>
> Netlink message processing in the kernel is synchronous these days,
> capabilities can be checked directly in security_netlink_recv() from
> the current process.
>
> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

Thanks for doing that, Patrick. I looked at this earlier and thought there
was still an async path, but I guess that's just to another userspace
process.

BTW, I think you missed a couple connector based callers:

drivers/staging/pohmelfs/config.c: if (!cap_raised(nsp->eff_cap, CAP_SYS_AD
drivers/video/uvesafb.c: if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))

Fix those and:

Acked-by: Chris Wright <chrisw@xxxxxxxxxxxx>

Ideally, we'd consolidate those into a variant of security_netlink_recv().
However the issue is with types. Inside connector callback we only have
netlink_skb_params (seems inappropriate to cast back out to skb). We could
change the lsm hook to only pass nsp, but SELinux actually cares about the
netlink type. Any ideas?

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel