diff --git a/libcfs/include/libcfs/curproc.h b/libcfs/include/libcfs/curproc.h
index 518fbd403c4a9113f50b07bb2bec1653e6c00648..b79caf1929f0cd29bfb625100e1cfad369a4c910 100644
--- a/libcfs/include/libcfs/curproc.h
+++ b/libcfs/include/libcfs/curproc.h
@@ -70,10 +70,37 @@ char *cfs_curproc_comm(void);
*
* cfs_kernel_cap_t
*/
-cfs_kernel_cap_t cfs_curproc_cap_get(void);
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap);
#endif
+typedef __u32 cfs_cap_t;
+
+#define CFS_CAP_CHOWN 0
+#define CFS_CAP_DAC_OVERRIDE 1
+#define CFS_CAP_DAC_READ_SEARCH 2
+#define CFS_CAP_FOWNER 3
+#define CFS_CAP_FSETID 4
+#define CFS_CAP_LINUX_IMMUTABLE 9
+#define CFS_CAP_SYS_ADMIN 21
+#define CFS_CAP_SYS_BOOT 23
+#define CFS_CAP_SYS_RESOURCE 24
+
+#define CFS_CAP_FS_MASK ((1 << CFS_CAP_CHOWN) | \
+ (1 << CFS_CAP_DAC_OVERRIDE) | \
+ (1 << CFS_CAP_DAC_READ_SEARCH) | \
+ (1 << CFS_CAP_FOWNER) | \
+ (1 << CFS_CAP_FSETID ) | \
+ (1 << CFS_CAP_LINUX_IMMUTABLE) | \
+ (1 << CFS_CAP_SYS_ADMIN) | \
+ (1 << CFS_CAP_SYS_BOOT) | \
+ (1 << CFS_CAP_SYS_RESOURCE))
+
+void cfs_cap_raise(cfs_cap_t cap);
+void cfs_cap_lower(cfs_cap_t cap);
+int cfs_cap_raised(cfs_cap_t cap);
+cfs_cap_t cfs_curproc_cap_pack(void);
+void cfs_curproc_cap_unpack(cfs_cap_t cap);
+int cfs_capable(cfs_cap_t cap);
+
/* __LIBCFS_CURPROC_H__ */
#endif
/*
diff --git a/libcfs/include/libcfs/darwin/darwin-prim.h b/libcfs/include/libcfs/darwin/darwin-prim.h
index 966af967492b195b6b67e815305693c1d1f58c51..2b877def18785653d2c9c4467b646ede20d6b9ee 100644
--- a/libcfs/include/libcfs/darwin/darwin-prim.h
+++ b/libcfs/include/libcfs/darwin/darwin-prim.h
@@ -437,10 +437,6 @@ extern int is_suser(void);
#define lock_kernel() do {} while(0)
#define unlock_kernel() do {} while(0)
-#define CAP_SYS_BOOT 0
-#define CAP_SYS_ADMIN 1
-#define capable(a) ((a) == CAP_SYS_BOOT ? is_suser(): is_suser1())
-
#define USERMODEHELPER(path, argv, envp) (0)
#define cfs_module(name, version, init, fini) \
diff --git a/libcfs/include/libcfs/darwin/libcfs.h b/libcfs/include/libcfs/darwin/libcfs.h
index bd2e0016c75a2db605d325fad1ecbb8ff198c982..ee7b181f7ec7aabc2b891430535a572366fc12dc 100644
--- a/libcfs/include/libcfs/darwin/libcfs.h
+++ b/libcfs/include/libcfs/darwin/libcfs.h
@@ -190,7 +190,7 @@ __entry_nesting(&__cdd);
/*
* XNU has no capabilities
*/
-typedef int cfs_kernel_cap_t;
+typedef __u32 cfs_kernel_cap_t;
#ifdef __KERNEL__
enum {
diff --git a/libcfs/include/libcfs/winnt/winnt-prim.h b/libcfs/include/libcfs/winnt/winnt-prim.h
index c1ed6ff4139e74d6597b814ddbf766327910d6c4..87f905b3e34ec7b2e3c55facefcb10fa53b45ae0 100644
--- a/libcfs/include/libcfs/winnt/winnt-prim.h
+++ b/libcfs/include/libcfs/winnt/winnt-prim.h
@@ -708,11 +708,6 @@ libcfs_arch_cleanup(void);
#define lock_kernel() do {} while(0)
#define unlock_kernel() do {} while(0)
-#define CAP_SYS_ADMIN 0
-#define CAP_SYS_ROOT 1
-
-#define capable(a) (TRUE)
-
#define USERMODEHELPER(path, argv, envp) (0)
diff --git a/libcfs/libcfs/darwin/darwin-curproc.c b/libcfs/libcfs/darwin/darwin-curproc.c
index 7e3ca1dbad6ca3f9c8e2d77d2c008096f965d2e0..be3790765b5e92367a6f6b5443e188a348c3cdb3 100644
--- a/libcfs/libcfs/darwin/darwin-curproc.c
+++ b/libcfs/libcfs/darwin/darwin-curproc.c
@@ -163,16 +163,25 @@ char *cfs_curproc_comm(void)
#endif
}
-cfs_kernel_cap_t cfs_curproc_cap_get(void)
+void cfs_cap_raise(cfs_cap_t cap) {}
+void cfs_cap_lower(cfs_cap_t cap) {}
+
+int cfs_cap_raised(cfs_cap_t cap)
{
+ return 1;
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
return -1;
}
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap)
-{
- return;
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
}
+int cfs_capable(cfs_cap_t cap)
+{
+ return cap == CFS_CAP_SYS_BOOT ? is_suser(): is_suser1();
+}
/*
* Local variables:
diff --git a/libcfs/libcfs/linux/linux-curproc.c b/libcfs/libcfs/linux/linux-curproc.c
index 391f6246cd17dfd9abdf662525f9a3f6745d03d3..eb12dae5463b8e02b7039b65cdef524087fce006 100644
--- a/libcfs/libcfs/linux/linux-curproc.c
+++ b/libcfs/libcfs/linux/linux-curproc.c
@@ -120,14 +120,48 @@ char *cfs_curproc_comm(void)
return current->comm;
}
-cfs_kernel_cap_t cfs_curproc_cap_get(void)
+/* Currently all the CFS_CAP_* defines match CAP_* ones. */
+#define cfs_cap_pack(cap) (cap)
+#define cfs_cap_unpack(cap) (cap)
+
+void cfs_cap_raise(cfs_cap_t cap)
+{
+ cap_raise(cfs_current()->cap_effective, cfs_cap_unpack(cap));
+}
+
+void cfs_cap_lower(cfs_cap_t cap)
{
- return current->cap_effective;
+ cap_lower(cfs_current()->cap_effective, cfs_cap_unpack(cap));
+}
+
+int cfs_cap_raised(cfs_cap_t cap)
+{
+ return cap_raised(cfs_current()->cap_effective, cfs_cap_unpack(cap));
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
+#if _LINUX_CAPABILITY_VERSION == 0x19980330
+ return cfs_cap_pack(current->cap_effective);
+#elif _LINUX_CAPABILITY_VERSION == 0x20071026
+ return cfs_cap_pack(current->cap_effective[0]);
+#else
+ #error "need correct _LINUX_CAPABILITY_VERSION "
+#endif
+}
+
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
+#if _LINUX_CAPABILITY_VERSION == 0x19980330
+ current->cap_effective = cfs_cap_unpack(cap);
+#elif _LINUX_CAPABILITY_VERSION == 0x20071026
+ current->cap_effective[0] = cfs_cap_unpack(cap);
+#else
+ #error "need correct _LINUX_CAPABILITY_VERSION "
+#endif
}
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap)
+int cfs_capable(cfs_cap_t cap)
{
- current->cap_effective = cap;
+ return capable(cfs_cap_unpack(cap));
}
EXPORT_SYMBOL(cfs_curproc_uid);
@@ -140,8 +174,12 @@ EXPORT_SYMBOL(cfs_curproc_comm);
EXPORT_SYMBOL(cfs_curproc_groups_nr);
EXPORT_SYMBOL(cfs_curproc_groups_dump);
EXPORT_SYMBOL(cfs_curproc_is_in_groups);
-EXPORT_SYMBOL(cfs_curproc_cap_get);
-EXPORT_SYMBOL(cfs_curproc_cap_set);
+EXPORT_SYMBOL(cfs_cap_raise);
+EXPORT_SYMBOL(cfs_cap_lower);
+EXPORT_SYMBOL(cfs_cap_raised);
+EXPORT_SYMBOL(cfs_curproc_cap_pack);
+EXPORT_SYMBOL(cfs_curproc_cap_unpack);
+EXPORT_SYMBOL(cfs_capable);
/*
* Local variables:
diff --git a/libcfs/libcfs/linux/linux-module.c b/libcfs/libcfs/linux/linux-module.c
index 998162a469b7a1d54f9fa35ed14e1990c872aeb2..88eab3ea54b495d0bcb1e9b7187d25f4e37fbc98 100644
--- a/libcfs/libcfs/linux/linux-module.c
+++ b/libcfs/libcfs/linux/linux-module.c
@@ -152,12 +152,12 @@ libcfs_ioctl(struct inode *inode, struct file *file,
/* Handle platform-dependent IOC requests */
switch (cmd) {
case IOC_LIBCFS_PANIC:
- if (!capable (CAP_SYS_BOOT))
+ if (!cfs_capable(CFS_CAP_SYS_BOOT))
return (-EPERM);
panic("debugctl-invoked panic");
return (0);
case IOC_LIBCFS_MEMHOG:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return -EPERM;
/* go thought */
}
diff --git a/libcfs/libcfs/lwt.c b/libcfs/libcfs/lwt.c
index ca9e7e4841cc81a6ca217fd33f519c2d04154e74..325785b633a67267549da420b6b50360c318fc14 100644
--- a/libcfs/libcfs/lwt.c
+++ b/libcfs/libcfs/lwt.c
@@ -86,7 +86,7 @@ lwt_lookup_string (int *size, char *knl_ptr,
* trying to determine the string length, so we're trusting our
* caller... */
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return (-EPERM);
if (user_size > 0 &&
@@ -117,7 +117,7 @@ lwt_control (int enable, int clear)
int i;
int j;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return (-EPERM);
if (!enable) {
@@ -164,7 +164,7 @@ lwt_snapshot (cycles_t *now, int *ncpu, int *total_size,
int i;
int j;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return (-EPERM);
*ncpu = num_online_cpus();
diff --git a/libcfs/libcfs/winnt/winnt-curproc.c b/libcfs/libcfs/winnt/winnt-curproc.c
index 9efcdc18fb134542db634fb498390cc70f2a53d6..7e6f394f244ff46a94efdac9c119fac68791f069 100644
--- a/libcfs/libcfs/winnt/winnt-curproc.c
+++ b/libcfs/libcfs/winnt/winnt-curproc.c
@@ -106,16 +106,33 @@ char *cfs_curproc_comm(void)
return this_task.comm;
}
-cfs_kernel_cap_t cfs_curproc_cap_get(void)
+void cfs_cap_raise(cfs_cap_t cap)
{
- return this_task.cap_effective;
+ this_task.cap_effective |= (1 << cap);
}
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap)
+void cfs_cap_lower(cfs_cap_t cap)
{
- this_task.cap_effective = cap;
+ this_task.cap_effective &= ~(1 << cap);
}
+int cfs_cap_raised(cfs_cap_t cap)
+{
+ return this_task.cap_effective & (1 << cap);
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
+ return this_task.cap_effective;
+}
+
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
+ this_task.cap_effective = cap;
+}
+
+int cfs_capable(cfs_cap_t cap)
+{
+ return TRUE;
+}
/*
* Implementation of linux task management routines
@@ -468,5 +485,9 @@ EXPORT_SYMBOL(cfs_curproc_comm);
EXPORT_SYMBOL(cfs_curproc_groups_nr);
EXPORT_SYMBOL(cfs_curproc_groups_dump);
EXPORT_SYMBOL(cfs_curproc_is_in_groups);
-EXPORT_SYMBOL(cfs_curproc_cap_get);
-EXPORT_SYMBOL(cfs_curproc_cap_set);
+EXPORT_SYMBOL(cfs_cap_raise);
+EXPORT_SYMBOL(cfs_cap_lower);
+EXPORT_SYMBOL(cfs_cap_raised);
+EXPORT_SYMBOL(cfs_curproc_cap_pack);
+EXPORT_SYMBOL(cfs_curproc_cap_unpack);
+EXPORT_SYMBOL(cfs_capable);
diff --git a/libcfs/libcfs/winnt/winnt-module.c b/libcfs/libcfs/winnt/winnt-module.c
index bc5de9e73a7a2aefca284edf7fe56d93c139ea65..ac255bae366cdccd44d8e65b28ce424614f5352d 100644
--- a/libcfs/libcfs/winnt/winnt-module.c
+++ b/libcfs/libcfs/winnt/winnt-module.c
@@ -137,7 +137,7 @@ libcfs_ioctl(cfs_file_t * file, unsigned int cmd, ulong_ptr arg)
/* Handle platform-dependent IOC requests */
switch (cmd) {
case IOC_LIBCFS_PANIC:
- if (!capable (CAP_SYS_BOOT))
+ if (!cfs_capable(CFS_CAP_SYS_BOOT))
return (-EPERM);
CERROR(("debugctl-invoked panic"));
KeBugCheckEx('LUFS', (ULONG_PTR)libcfs_ioctl, (ULONG_PTR)NULL, (ULONG_PTR)NULL, (ULONG_PTR)NULL);
@@ -145,7 +145,7 @@ libcfs_ioctl(cfs_file_t * file, unsigned int cmd, ulong_ptr arg)
return (0);
case IOC_LIBCFS_MEMHOG:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return -EPERM;
break;
}
diff --git a/lustre/cmm/mdc_object.c b/lustre/cmm/mdc_object.c
index 94d57d3c9947035e6501fb20b52b52927d6fa0e8..edc2fb6215ca6421b52fbd063591eef779c91fe1 100644
--- a/lustre/cmm/mdc_object.c
+++ b/lustre/cmm/mdc_object.c
@@ -293,7 +293,7 @@ static int mdc_attr_set(const struct lu_env *env, struct md_object *mo,
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] =
mci->mci_opdata.op_suppgids[1] = -1;
}
@@ -319,7 +319,7 @@ static int mdc_object_create(const struct lu_env *env,
int rc, symlen;
uid_t uid;
gid_t gid;
- __u32 cap;
+ cfs_cap_t cap;
ENTRY;
LASSERT(S_ISDIR(la->la_mode));
@@ -415,7 +415,7 @@ static int mdc_ref_add(const struct lu_env *env, struct md_object *mo,
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] =
mci->mci_opdata.op_suppgids[1] = -1;
}
@@ -459,7 +459,7 @@ static int mdc_ref_del(const struct lu_env *env, struct md_object *mo,
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] = -1;
}
@@ -535,7 +535,7 @@ static int mdc_rename_tgt(const struct lu_env *env, struct md_object *mo_p,
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] =
mci->mci_opdata.op_suppgids[1] = -1;
}
diff --git a/lustre/include/darwin/lvfs.h b/lustre/include/darwin/lvfs.h
index bda6594f1450f3250272fad8b195263cc561c5f8..a465578a0c3068c7620f98b0ab24beed55b6771e 100644
--- a/lustre/include/darwin/lvfs.h
+++ b/lustre/include/darwin/lvfs.h
@@ -48,7 +48,7 @@
struct lvfs_ucred {
__u32 luc_fsuid;
__u32 luc_fsgid;
- __u32 luc_cap;
+ cfs_kernel_cap_t luc_cap;
__u32 luc_uid;
__u32 luc_umask;
};
diff --git a/lustre/include/liblustre.h b/lustre/include/liblustre.h
index b62b08a7674a76b923438cf77ef3d383f095c463..7539c0a06be3f93177a73cceeb80de13e4613990 100644
--- a/lustre/include/liblustre.h
+++ b/lustre/include/liblustre.h
@@ -261,13 +261,6 @@ typedef struct task_struct cfs_task_t;
extern struct task_struct *current;
int in_group_p(gid_t gid);
-static inline int capable(int cap)
-{
- if (current->cap_effective & (1 << cap))
- return 1;
- else
- return 0;
-}
#define set_current_state(foo) do { current->state = foo; } while (0)
@@ -403,12 +396,6 @@ typedef enum {
CAP_SET=1
} cap_flag_value_t;
-#define CAP_DAC_OVERRIDE 1
-#define CAP_DAC_READ_SEARCH 2
-#define CAP_FOWNER 3
-#define CAP_FSETID 4
-#define CAP_SYS_ADMIN 21
-
cap_t cap_get_proc(void);
int cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *);
diff --git a/lustre/include/linux/lvfs.h b/lustre/include/linux/lvfs.h
index 335373af2ba58bfd35652c1b1556cce238565b77..26959b526c80d906578ec661158c537568ea0628 100644
--- a/lustre/include/linux/lvfs.h
+++ b/lustre/include/linux/lvfs.h
@@ -62,7 +62,7 @@ struct lvfs_ucred {
__u32 luc_gid;
__u32 luc_fsuid;
__u32 luc_fsgid;
- __u32 luc_cap;
+ cfs_kernel_cap_t luc_cap;
__u32 luc_umask;
struct group_info *luc_ginfo;
struct md_identity *luc_identity;
diff --git a/lustre/include/lustre_log.h b/lustre/include/lustre_log.h
index 66ebc179b5ea5febe7f3678d71ca3bc4457de969..1ec438487754d2418179553c8b5eeeebd3acf24e 100644
--- a/lustre/include/lustre_log.h
+++ b/lustre/include/lustre_log.h
@@ -333,14 +333,6 @@ extern int llog_recov_thread_start(struct llog_commit_master *lcm);
extern void llog_recov_thread_stop(struct llog_commit_master *lcm,
int force);
-#ifndef __KERNEL__
-
-#define cap_raise(c, flag) do {} while(0)
-
-#define CAP_SYS_RESOURCE 24
-
-#endif /* !__KERNEL__ */
-
static inline void llog_gen_init(struct llog_ctxt *ctxt)
{
struct obd_device *obd = ctxt->loc_exp->exp_obd;
@@ -488,8 +480,7 @@ static inline int llog_write_rec(struct llog_handle *handle,
int numcookies, void *buf, int idx)
{
struct llog_operations *lop;
- __u32 cap;
- int rc, buflen;
+ int raised, rc, buflen;
ENTRY;
rc = llog_handle2ops(handle, &lop);
@@ -506,10 +497,12 @@ static inline int llog_write_rec(struct llog_handle *handle,
buflen = rec->lrh_len;
LASSERT(size_round(buflen) == buflen);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = lop->lop_write_rec(handle, rec, logcookies, numcookies, buf, idx);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
@@ -605,8 +598,7 @@ static inline int llog_create(struct llog_ctxt *ctxt, struct llog_handle **res,
struct llog_logid *logid, char *name)
{
struct llog_operations *lop;
- __u32 cap;
- int rc;
+ int raised, rc;
ENTRY;
rc = llog_obd2ops(ctxt, &lop);
@@ -615,10 +607,12 @@ static inline int llog_create(struct llog_ctxt *ctxt, struct llog_handle **res,
if (lop->lop_create == NULL)
RETURN(-EOPNOTSUPP);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = lop->lop_create(ctxt, res, logid, name);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
diff --git a/lustre/include/md_object.h b/lustre/include/md_object.h
index b543013b00a56ce3c48a1b7cf75880f823849fdd..ceb85a852ac27a6dade46cae4e2e3486ccd9e908 100644
--- a/lustre/include/md_object.h
+++ b/lustre/include/md_object.h
@@ -81,7 +81,7 @@ struct md_ucred {
__u32 mu_fsuid;
__u32 mu_fsgid;
__u32 mu_suppgids[2];
- __u32 mu_cap;
+ cfs_cap_t mu_cap;
__u32 mu_umask;
struct group_info *mu_ginfo;
struct md_identity *mu_identity;
diff --git a/lustre/include/obd.h b/lustre/include/obd.h
index 54e7e924aa67d06081035d85181d3682e9f23570..109c9af858bed0eb2c3c2747397f12a2f5b8d0b8 100644
--- a/lustre/include/obd.h
+++ b/lustre/include/obd.h
@@ -1094,7 +1094,7 @@ struct md_op_data {
__u32 op_suppgids[2];
__u32 op_fsuid;
__u32 op_fsgid;
- __u32 op_cap;
+ cfs_cap_t op_cap;
void *op_data;
/* iattr fields and blocks. */
@@ -1400,7 +1400,7 @@ struct md_ops {
int (*m_close)(struct obd_export *, struct md_op_data *,
struct md_open_data *, struct ptlrpc_request **);
int (*m_create)(struct obd_export *, struct md_op_data *,
- const void *, int, int, __u32, __u32, __u32,
+ const void *, int, int, __u32, __u32, cfs_cap_t,
__u64, struct ptlrpc_request **);
int (*m_done_writing)(struct obd_export *, struct md_op_data *,
struct md_open_data *);
diff --git a/lustre/include/obd_class.h b/lustre/include/obd_class.h
index 0fa132c68389997b5e285067439dfdfc899bf0e0..8a73f272be08f4dfe5af97495f10bcb3a801d85a 100644
--- a/lustre/include/obd_class.h
+++ b/lustre/include/obd_class.h
@@ -1855,7 +1855,7 @@ static inline int md_close(struct obd_export *exp, struct md_op_data *op_data,
static inline int md_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid,
- __u32 gid, __u32 cap_effective, __u64 rdev,
+ __u32 gid, cfs_cap_t cap_effective, __u64 rdev,
struct ptlrpc_request **request)
{
int rc;
diff --git a/lustre/liblustre/lutil.c b/lustre/liblustre/lutil.c
index 1a832bba8c118841bcbc045c94abf083b127be1a..0de50cf72c56e3c68bdce0b4f14ef78d173aa2da 100644
--- a/lustre/liblustre/lutil.c
+++ b/lustre/liblustre/lutil.c
@@ -228,6 +228,34 @@ int liblustre_init_current(char *comm)
return 0;
}
+void cfs_cap_raise(cfs_cap_t cap)
+{
+ current->cap_effective |= (1 << cap);
+}
+
+void cfs_cap_lower(cfs_cap_t cap)
+{
+ current->cap_effective &= ~(1 << cap);
+}
+
+int cfs_cap_raised(cfs_cap_t cap)
+{
+ return current->cap_effective & (1 << cap);
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
+ return cfs_current()->cap_effective;
+}
+
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
+ cfs_current()->cap_effective = cap;
+}
+
+int cfs_capable(cfs_cap_t cap)
+{
+ return cfs_cap_raised(cap);
+}
+
int init_lib_portals()
{
int rc;
diff --git a/lustre/liblustre/super.c b/lustre/liblustre/super.c
index 4c9aaad05b58a2473a54127853826257f8fafdbd..552a5869b9107b549ce3622d79e651a5d935192d 100644
--- a/lustre/liblustre/super.c
+++ b/lustre/liblustre/super.c
@@ -92,12 +92,12 @@ static int ll_permission(struct inode *inode, int mask)
if ((mask & (MAY_READ|MAY_WRITE)) ||
(st->st_mode & S_IXUGO))
- if (capable(CAP_DAC_OVERRIDE))
+ if (cfs_capable(CFS_CAP_DAC_OVERRIDE))
return 0;
if (mask == MAY_READ ||
(S_ISDIR(st->st_mode) && !(mask & MAY_WRITE))) {
- if (capable(CAP_DAC_READ_SEARCH))
+ if (cfs_capable(CFS_CAP_DAC_READ_SEARCH))
return 0;
}
@@ -635,7 +635,7 @@ static int inode_setattr(struct inode * inode, struct iattr * attr)
st->st_ctime = attr->ia_ctime;
if (ia_valid & ATTR_MODE) {
st->st_mode = attr->ia_mode;
- if (!in_group_p(st->st_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(st->st_gid) && !cfs_capable(CFS_CAP_FSETID))
st->st_mode &= ~S_ISGID;
}
/* mark_inode_dirty(inode); */
@@ -821,7 +821,7 @@ int llu_setattr_raw(struct inode *inode, struct iattr *attr)
} else {
/* from inode_change_ok() */
if (current->fsuid != st->st_uid &&
- !capable(CAP_FOWNER))
+ !cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
}
@@ -979,10 +979,9 @@ static int llu_iop_symlink_raw(struct pnode *pno, const char *tgt)
llu_prep_md_op_data(&op_data, dir, NULL, name, len, 0,
LUSTRE_OPC_SYMLINK);
- err = md_create(sbi->ll_md_exp, &op_data,
- tgt, strlen(tgt) + 1, S_IFLNK | S_IRWXUGO,
- current->fsuid, current->fsgid, current->cap_effective,
- 0, &request);
+ err = md_create(sbi->ll_md_exp, &op_data, tgt, strlen(tgt) + 1,
+ S_IFLNK | S_IRWXUGO, current->fsuid, current->fsgid,
+ cfs_curproc_cap_pack(), 0, &request);
ptlrpc_req_finished(request);
liblustre_wait_event(0);
RETURN(err);
@@ -1108,7 +1107,7 @@ static int llu_iop_mknod_raw(struct pnode *pno,
err = md_create(sbi->ll_md_exp, &op_data, NULL, 0, mode,
current->fsuid, current->fsgid,
- current->cap_effective, dev, &request);
+ cfs_curproc_cap_pack(), dev, &request);
ptlrpc_req_finished(request);
break;
case S_IFDIR:
@@ -1343,7 +1342,7 @@ static int llu_iop_mkdir_raw(struct pnode *pno, mode_t mode)
err = md_create(llu_i2sbi(dir)->ll_md_exp, &op_data, NULL, 0,
mode | S_IFDIR, current->fsuid, current->fsgid,
- current->cap_effective, 0, &request);
+ cfs_curproc_cap_pack(), 0, &request);
ptlrpc_req_finished(request);
liblustre_wait_event(0);
RETURN(err);
diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c
index 708b01a9c0970767969822a1e3e87545a7260148..55fa6a8b403e2bd8e6b5b624682fe53c6f5a47f4 100644
--- a/lustre/llite/dir.c
+++ b/lustre/llite/dir.c
@@ -949,7 +949,7 @@ static int ll_dir_ioctl(struct inode *inode, struct file *file,
struct obd_quotactl *oqctl;
int rc, error = 0;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC_PTR(oqctl);
@@ -973,7 +973,7 @@ static int ll_dir_ioctl(struct inode *inode, struct file *file,
struct if_quotacheck *check;
int rc;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC_PTR(check);
@@ -1028,13 +1028,13 @@ static int ll_dir_ioctl(struct inode *inode, struct file *file,
case Q_QUOTAOFF:
case Q_SETQUOTA:
case Q_SETINFO:
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO(out_quotactl, rc = -EPERM);
break;
case Q_GETQUOTA:
if (((type == USRQUOTA && current->euid != id) ||
(type == GRPQUOTA && !in_egroup_p(id))) &&
- !capable(CAP_SYS_ADMIN))
+ !cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO(out_quotactl, rc = -EPERM);
/* XXX: dqb_valid is borrowed as a flag to mark that
diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index c46aa0bb0984979d8397901711c734e0ed0e6d83..04e3c4117ad37e0cb15aa179289c3a2313a685d4 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -1973,7 +1973,7 @@ static int ll_lov_recreate_obj(struct inode *inode, struct file *file,
struct lov_stripe_md *lsm, *lsm2;
ENTRY;
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
rc = copy_from_user(&ucreatp, (struct ll_recreate_obj *)arg,
@@ -2173,7 +2173,7 @@ static int ll_lov_setea(struct inode *inode, struct file *file,
int rc;
ENTRY;
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC(lump, lum_size);
@@ -3214,10 +3214,10 @@ check_groups:
check_capabilities:
if (!(mask & MAY_EXEC) ||
(inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
- if (capable(CAP_DAC_OVERRIDE))
+ if (cfs_capable(CFS_CAP_DAC_OVERRIDE))
return 0;
- if (capable(CAP_DAC_READ_SEARCH) && ((mask == MAY_READ) ||
+ if (cfs_capable(CFS_CAP_DAC_READ_SEARCH) && ((mask == MAY_READ) ||
(S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))))
return 0;
diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c
index 4c165a558ecf68020976174881d29f49387990d4..b42fb5a810f02502d3c2232c2b12b5b457603b2a 100644
--- a/lustre/llite/llite_lib.c
+++ b/lustre/llite/llite_lib.c
@@ -1513,7 +1513,8 @@ int ll_setattr_raw(struct inode *inode, struct iattr *attr)
/* POSIX: check before ATTR_*TIME_SET set (from inode_change_ok) */
if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) {
- if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+ if (current->fsuid != inode->i_uid &&
+ !cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
@@ -2399,7 +2400,7 @@ struct md_op_data * ll_prep_md_op_data(struct md_op_data *op_data,
op_data->op_mod_time = cfs_time_current_sec();
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
op_data->op_bias = MDS_CHECK_SPLIT;
op_data->op_opc = opc;
op_data->op_mds = 0;
diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index 1bd7c2c41ce186ab424b913a74fbb4bc51ebe038..cd46159dad027be8b1d96ccafc1a8387697bb3d5 100644
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -847,7 +847,7 @@ static int ll_new_node(struct inode *dir, struct qstr *name,
err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
current->fsuid, current->fsgid,
- current->cap_effective, rdev, &request);
+ cfs_curproc_cap_pack(), rdev, &request);
ll_finish_md_op_data(op_data);
if (err)
GOTO(err_exit, err);
diff --git a/lustre/llite/rw.c b/lustre/llite/rw.c
index 3d62c588e1a8dbe0e08bb1c7e16a286e3900e099..41b177af32fe017f535a76ef406456b9977a3f97 100644
--- a/lustre/llite/rw.c
+++ b/lustre/llite/rw.c
@@ -1029,7 +1029,7 @@ int ll_commit_write(struct file *file, struct page *page, unsigned from,
if (exp == NULL)
RETURN(-EINVAL);
- llap->llap_ignore_quota = capable(CAP_SYS_RESOURCE);
+ llap->llap_ignore_quota = cfs_capable(CFS_CAP_SYS_RESOURCE);
/*
* queue a write for some time in the future the first time we
@@ -2229,7 +2229,7 @@ static int ll_file_oig_pages(struct inode * inode, struct page **pages,
if (rc)
RETURN(rc);
brw_flags = OBD_BRW_SRVLOCK;
- if (capable(CAP_SYS_RESOURCE))
+ if (cfs_capable(CFS_CAP_SYS_RESOURCE))
brw_flags |= OBD_BRW_NOQUOTA;
for (i = 0; i < numpages; i++) {
diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index 28075a9f9cdf4ccf29259d81cd2fd5e879b6c443..2749725df4ccc95f30d738765782277de8cdc8ed 100644
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -101,7 +101,7 @@ int xattr_type_filter(struct ll_sb_info *sbi, int xattr_type)
if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
return -EOPNOTSUPP;
- if (xattr_type == XATTR_TRUSTED_T && !capable(CAP_SYS_ADMIN))
+ if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))
return -EPERM;
if (xattr_type == XATTR_OTHER_T)
return -EOPNOTSUPP;
diff --git a/lustre/lmv/lmv_obd.c b/lustre/lmv/lmv_obd.c
index cd96327fbca7309ff9e6f9f327ad77280bbf1882..4a30926137ee45e6a5ad968788cb38557b56fad4 100644
--- a/lustre/lmv/lmv_obd.c
+++ b/lustre/lmv/lmv_obd.c
@@ -1378,7 +1378,7 @@ cleanup:
int lmv_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid,
- __u32 gid, __u32 cap_effective, __u64 rdev,
+ __u32 gid, cfs_cap_t cap_effective, __u64 rdev,
struct ptlrpc_request **request)
{
struct obd_device *obd = exp->exp_obd;
@@ -1897,7 +1897,7 @@ repeat:
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
tgt_exp = lmv->tgts[mds].ltd_exp;
if (op_data->op_namelen) {
@@ -2021,7 +2021,7 @@ repeat:
request:
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
src_exp = lmv_get_export(lmv, mds1);
tgt_exp = lmv_get_export(lmv, mds2);
@@ -2468,7 +2468,7 @@ repeat:
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
/* If child's fid is given, cancel unused locks for it if it is from
* another export than parent. */
diff --git a/lustre/lvfs/fsfilt_ext3.c b/lustre/lvfs/fsfilt_ext3.c
index dd7292d2e57c0b4e54d0a56293836ac83f98ad05..1577be76e886588b62bd8046cca1b5299777e161 100644
--- a/lustre/lvfs/fsfilt_ext3.c
+++ b/lustre/lvfs/fsfilt_ext3.c
@@ -523,7 +523,8 @@ static int fsfilt_ext3_setattr(struct dentry *dentry, void *handle,
if (iattr->ia_valid & ATTR_MODE) {
inode->i_mode = iattr->ia_mode;
- if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(inode->i_gid) &&
+ !cfs_capable(CFS_CAP_FSETID))
inode->i_mode &= ~S_ISGID;
}
diff --git a/lustre/mdc/mdc_internal.h b/lustre/mdc/mdc_internal.h
index 0676f0d22751eb152d318616f6a2c569936f4e3b..62b85bfa7b5537fc5d9c6220d8da559407e9dfb6 100644
--- a/lustre/mdc/mdc_internal.h
+++ b/lustre/mdc/mdc_internal.h
@@ -64,7 +64,7 @@ void mdc_setattr_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
void *ea, int ealen, void *ea2, int ea2len);
void mdc_create_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
const void *data, int datalen, __u32 mode, __u32 uid,
- __u32 gid, __u32 cap_effective, __u64 rdev);
+ __u32 gid, cfs_cap_t capability, __u64 rdev);
void mdc_open_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
__u32 mode, __u64 rdev, __u32 flags, const void *data,
int datalen);
@@ -144,7 +144,8 @@ void mdc_commit_delayed(struct ptlrpc_request *req);
int mdc_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid, __u32 gid,
- __u32 cap_effective, __u64 rdev, struct ptlrpc_request **request);
+ cfs_cap_t capability, __u64 rdev,
+ struct ptlrpc_request **request);
int mdc_link(struct obd_export *exp, struct md_op_data *op_data,
struct ptlrpc_request **request);
int mdc_rename(struct obd_export *exp, struct md_op_data *op_data,
diff --git a/lustre/mdc/mdc_lib.c b/lustre/mdc/mdc_lib.c
index a293b36f5d39320bf7267eb89d0c5a271b8be753..dc5aa09264be7452a7add64c6ce5b9ce56685cd3 100644
--- a/lustre/mdc/mdc_lib.c
+++ b/lustre/mdc/mdc_lib.c
@@ -59,7 +59,7 @@ static void __mdc_pack_body(struct mdt_body *b, __u32 suppgid)
b->gid = current->gid;
b->fsuid = current->fsuid;
b->fsgid = current->fsgid;
- b->capability = current->cap_effective;
+ b->capability = cfs_curproc_cap_pack();
}
void mdc_pack_capa(struct ptlrpc_request *req, const struct req_msg_field *field,
@@ -128,7 +128,7 @@ void mdc_readdir_pack(struct ptlrpc_request *req, __u64 pgoff,
/* packing of MDS records */
void mdc_create_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
const void *data, int datalen, __u32 mode,
- __u32 uid, __u32 gid, __u32 cap_effective, __u64 rdev)
+ __u32 uid, __u32 gid, cfs_cap_t cap_effective, __u64 rdev)
{
struct mdt_rec_create *rec;
char *tmp;
@@ -218,7 +218,7 @@ void mdc_open_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
rec->cr_opcode = REINT_OPEN;
rec->cr_fsuid = current->fsuid;
rec->cr_fsgid = current->fsgid;
- rec->cr_cap = current->cap_effective;
+ rec->cr_cap = cfs_curproc_cap_pack();
if (op_data != NULL) {
rec->cr_fid1 = op_data->op_fid1;
rec->cr_fid2 = op_data->op_fid2;
@@ -298,7 +298,7 @@ static void mdc_setattr_pack_rec(struct mdt_rec_setattr *rec,
rec->sa_opcode = REINT_SETATTR;
rec->sa_fsuid = current->fsuid;
rec->sa_fsgid = current->fsgid;
- rec->sa_cap = current->cap_effective;
+ rec->sa_cap = cfs_curproc_cap_pack();
rec->sa_suppgid = -1;
rec->sa_fid = op_data->op_fid1;
@@ -452,7 +452,7 @@ void mdc_getattr_pack(struct ptlrpc_request *req, __u64 valid, int flags,
b->fsuid = current->fsuid;
b->fsgid = current->fsgid;
- b->capability = current->cap_effective;
+ b->capability = cfs_curproc_cap_pack();
b->valid = valid;
if (op_data->op_bias & MDS_CHECK_SPLIT)
b->valid |= OBD_MD_FLCKSPLIT;
diff --git a/lustre/mdc/mdc_reint.c b/lustre/mdc/mdc_reint.c
index c45907ff5bb01be8ccb5ddcb242b40cada585b1e..67effaf41e687d108201752fe148155f408794c7 100644
--- a/lustre/mdc/mdc_reint.c
+++ b/lustre/mdc/mdc_reint.c
@@ -205,7 +205,8 @@ int mdc_setattr(struct obd_export *exp, struct md_op_data *op_data,
int mdc_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid, __u32 gid,
- __u32 cap_effective, __u64 rdev, struct ptlrpc_request **request)
+ cfs_cap_t cap_effective, __u64 rdev,
+ struct ptlrpc_request **request)
{
struct ptlrpc_request *req;
int level, rc;
diff --git a/lustre/mdc/mdc_request.c b/lustre/mdc/mdc_request.c
index 7bfe0cd8231bc0ea946bcdf353a80d026b22eae1..2ebe9a2e6bee326da3e619e8f3c045bb05362574 100644
--- a/lustre/mdc/mdc_request.c
+++ b/lustre/mdc/mdc_request.c
@@ -374,7 +374,7 @@ static int mdc_xattr_common(struct obd_export *exp,const struct req_format *fmt,
*/
rec->sx_fsuid = current->fsuid;
rec->sx_fsgid = current->fsgid;
- rec->sx_cap = current->cap_effective;
+ rec->sx_cap = cfs_curproc_cap_pack();
rec->sx_suppgid1 = suppgid;
rec->sx_suppgid2 = -1;
rec->sx_fid = *fid;
diff --git a/lustre/mdd/mdd_dir.c b/lustre/mdd/mdd_dir.c
index 1c76e3d893361f15b00660f6785435e12b6ef4c7..8692b230622526c5e9dfd99f7b73f6f1b1983cf3 100644
--- a/lustre/mdd/mdd_dir.c
+++ b/lustre/mdd/mdd_dir.c
@@ -359,7 +359,7 @@ static inline int mdd_is_sticky(const struct lu_env *env,
if (tmp_la->la_uid == uc->mu_fsuid)
return 0;
- return !mdd_capable(uc, CAP_FOWNER);
+ return !mdd_capable(uc, CFS_CAP_FOWNER);
}
/*
diff --git a/lustre/mdd/mdd_internal.h b/lustre/mdd/mdd_internal.h
index 27476785cfc6b7ea077bd2333fb8aa2c2f98f1a4..526355601c4d0eedfac323638e5864b4b6de3ebe 100644
--- a/lustre/mdd/mdd_internal.h
+++ b/lustre/mdd/mdd_internal.h
@@ -326,7 +326,7 @@ struct mdd_object *mdd_object_find(const struct lu_env *env,
#define mdd_cap_raised(c, flag) (mdd_cap_t(c) & MDD_CAP_TO_MASK(flag))
/* capable() is copied from linux kernel! */
-static inline int mdd_capable(struct md_ucred *uc, int cap)
+static inline int mdd_capable(struct md_ucred *uc, cfs_cap_t cap)
{
if (mdd_cap_raised(uc->mu_cap, cap))
return 1;
diff --git a/lustre/mdd/mdd_lov.c b/lustre/mdd/mdd_lov.c
index 9e076073f6f25772c2105a1d23fe0099349eb3cd..182a8b7317c9c2ee0e07ee2de2ce2cbd994d8662 100644
--- a/lustre/mdd/mdd_lov.c
+++ b/lustre/mdd/mdd_lov.c
@@ -294,7 +294,8 @@ int mdd_lsm_sanity_check(const struct lu_env *env, struct mdd_object *obj)
if (rc)
RETURN(rc);
- if ((uc->mu_fsuid != tmp_la->la_uid) && !mdd_capable(uc, CAP_FOWNER))
+ if ((uc->mu_fsuid != tmp_la->la_uid) &&
+ !mdd_capable(uc, CFS_CAP_FOWNER))
rc = mdd_permission_internal_locked(env, obj, tmp_la,
MAY_WRITE);
diff --git a/lustre/mdd/mdd_object.c b/lustre/mdd/mdd_object.c
index 39d3814ab6609642f50a91f248aa316d35c8fb1b..1f49ce035ad53ca0fda44224099f09d7dbb95b6c 100644
--- a/lustre/mdd/mdd_object.c
+++ b/lustre/mdd/mdd_object.c
@@ -696,7 +696,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
(LUSTRE_IMMUTABLE_FL | LUSTRE_APPEND_FL);
if ((uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER))
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
/* XXX: the IMMUTABLE and APPEND_ONLY flags can
@@ -706,7 +706,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
if (mdd_is_append(obj))
oldflags |= LUSTRE_APPEND_FL;
if ((oldflags ^ newflags) &&
- !mdd_capable(uc, CAP_LINUX_IMMUTABLE))
+ !mdd_capable(uc, CFS_CAP_LINUX_IMMUTABLE))
RETURN(-EPERM);
if (!S_ISDIR(tmp_la->la_mode))
@@ -722,7 +722,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
if ((la->la_valid & (LA_MTIME | LA_ATIME | LA_CTIME)) &&
!(la->la_valid & ~(LA_MTIME | LA_ATIME | LA_CTIME))) {
if ((uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER)) {
+ !mdd_capable(uc, CFS_CAP_FOWNER)) {
rc = mdd_permission_internal_locked(env, obj, tmp_la,
MAY_WRITE);
if (rc)
@@ -737,7 +737,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
if ((la->la_valid & ~LA_MODE) &&
!(ma->ma_attr_flags & MDS_PERM_BYPASS) &&
(uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER))
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
if (la->la_mode == (umode_t) -1)
@@ -747,8 +747,9 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
(tmp_la->la_mode & ~S_IALLUGO);
/* Also check the setgid bit! */
- if (!lustre_in_group_p(uc, (la->la_valid & LA_GID) ? la->la_gid :
- tmp_la->la_gid) && !mdd_capable(uc, CAP_FSETID))
+ if (!lustre_in_group_p(uc, (la->la_valid & LA_GID) ?
+ la->la_gid : tmp_la->la_gid) &&
+ !mdd_capable(uc, CFS_CAP_FSETID))
la->la_mode &= ~S_ISGID;
} else {
la->la_mode = tmp_la->la_mode;
@@ -760,7 +761,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
la->la_uid = tmp_la->la_uid;
if (((uc->mu_fsuid != tmp_la->la_uid) ||
(la->la_uid != tmp_la->la_uid)) &&
- !mdd_capable(uc, CAP_CHOWN))
+ !mdd_capable(uc, CFS_CAP_CHOWN))
RETURN(-EPERM);
/* If the user or group of a non-directory has been
@@ -786,7 +787,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
if (((uc->mu_fsuid != tmp_la->la_uid) ||
((la->la_gid != tmp_la->la_gid) &&
!lustre_in_group_p(uc, la->la_gid))) &&
- !mdd_capable(uc, CAP_CHOWN))
+ !mdd_capable(uc, CFS_CAP_CHOWN))
RETURN(-EPERM);
/* Likewise, if the user or group of a non-directory
@@ -961,7 +962,8 @@ static int mdd_xattr_sanity_check(const struct lu_env *env,
if (rc)
RETURN(rc);
- if ((uc->mu_fsuid != tmp_la->la_uid) && !mdd_capable(uc, CAP_FOWNER))
+ if ((uc->mu_fsuid != tmp_la->la_uid) &&
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
RETURN(rc);
@@ -1299,7 +1301,7 @@ static int mdd_open_sanity_check(const struct lu_env *env,
if (uc && ((uc->mu_valid == UCRED_OLD) ||
(uc->mu_valid == UCRED_NEW)) &&
(uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER))
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
}
#endif
diff --git a/lustre/mdd/mdd_permission.c b/lustre/mdd/mdd_permission.c
index 12385825d4d8a2d50dceb16b0c41bd9ec655efdd..f1cf0ac0a317c8bf70c3dd036e7ecdf692800ac1 100644
--- a/lustre/mdd/mdd_permission.c
+++ b/lustre/mdd/mdd_permission.c
@@ -259,12 +259,12 @@ int __mdd_permission_internal(const struct lu_env *env, struct mdd_object *obj,
check_capabilities:
if (!(mask & MAY_EXEC) ||
(la->la_mode & S_IXUGO) || S_ISDIR(la->la_mode))
- if (mdd_capable(uc, CAP_DAC_OVERRIDE))
+ if (mdd_capable(uc, CFS_CAP_DAC_OVERRIDE))
RETURN(0);
if ((mask == MAY_READ) ||
(S_ISDIR(la->la_mode) && !(mask & MAY_WRITE)))
- if (mdd_capable(uc, CAP_DAC_READ_SEARCH))
+ if (mdd_capable(uc, CFS_CAP_DAC_READ_SEARCH))
RETURN(0);
RETURN(-EACCES);
@@ -365,7 +365,8 @@ int mdd_permission(const struct lu_env *env,
RETURN(rc);
}
- if (la->la_uid != uc->mu_fsuid && !mdd_capable(uc, CAP_FOWNER))
+ if (la->la_uid != uc->mu_fsuid &&
+ !mdd_capable(uc, CFS_CAP_FOWNER))
rc = -EPERM;
}
diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c
index 5fffcf2052c160631298161cabb0b348d6aedfa4..b3dc46284daa2b3c8ca671188818456eddff1456 100644
--- a/lustre/mdt/mdt_lib.c
+++ b/lustre/mdt/mdt_lib.c
@@ -243,7 +243,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type,
/* remove fs privilege for non-root user */
if (ucred->mu_fsuid)
- ucred->mu_cap = pud->pud_cap & ~CAP_FS_MASK;
+ ucred->mu_cap = pud->pud_cap & ~CFS_CAP_FS_MASK;
else
ucred->mu_cap = pud->pud_cap;
ucred->mu_valid = UCRED_NEW;
@@ -406,7 +406,7 @@ static int old_init_ucred(struct mdt_thread_info *info,
/* remove fs privilege for non-root user */
if (uc->mu_fsuid)
- uc->mu_cap = body->capability & ~CAP_FS_MASK;
+ uc->mu_cap = body->capability & ~CFS_CAP_FS_MASK;
else
uc->mu_cap = body->capability;
uc->mu_valid = UCRED_OLD;
@@ -446,7 +446,7 @@ static int old_init_ucred_reint(struct mdt_thread_info *info)
/* remove fs privilege for non-root user */
if (uc->mu_fsuid)
- uc->mu_cap &= ~CAP_FS_MASK;
+ uc->mu_cap &= ~CFS_CAP_FS_MASK;
uc->mu_valid = UCRED_OLD;
RETURN(0);
diff --git a/lustre/obdclass/llog_obd.c b/lustre/obdclass/llog_obd.c
index f13d78fe428f6efdcbd1502188ce480a70c6a4cc..2e4b3a27ba9986faab1c93aff4dd421dde0200d4 100644
--- a/lustre/obdclass/llog_obd.c
+++ b/lustre/obdclass/llog_obd.c
@@ -213,8 +213,7 @@ int llog_add(struct llog_ctxt *ctxt, struct llog_rec_hdr *rec,
struct lov_stripe_md *lsm, struct llog_cookie *logcookies,
int numcookies)
{
- __u32 cap;
- int rc;
+ int raised, rc;
ENTRY;
if (!ctxt) {
@@ -223,10 +222,12 @@ int llog_add(struct llog_ctxt *ctxt, struct llog_rec_hdr *rec,
}
CTXT_CHECK_OP(ctxt, add, -EOPNOTSUPP);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = CTXTP(ctxt, add)(ctxt, rec, lsm, logcookies, numcookies);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
EXPORT_SYMBOL(llog_add);
diff --git a/lustre/obdclass/obdo.c b/lustre/obdclass/obdo.c
index 88c70111577d236ccf74f545f45d8132be09015e..153048a7c9a040873069a490ea22a9542f7c7601 100644
--- a/lustre/obdclass/obdo.c
+++ b/lustre/obdclass/obdo.c
@@ -163,7 +163,7 @@ void obdo_from_iattr(struct obdo *oa, struct iattr *attr, unsigned int ia_valid)
if (ia_valid & ATTR_MODE) {
oa->o_mode = attr->ia_mode;
oa->o_valid |= OBD_MD_FLTYPE | OBD_MD_FLMODE;
- if (!in_group_p(oa->o_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(oa->o_gid) && !cfs_capable(CFS_CAP_FSETID))
oa->o_mode &= ~S_ISGID;
}
if (ia_valid & ATTR_UID) {
@@ -211,7 +211,7 @@ void iattr_from_obdo(struct iattr *attr, struct obdo *oa, obd_flag valid)
if (valid & OBD_MD_FLMODE) {
attr->ia_mode = (attr->ia_mode & S_IFMT)|(oa->o_mode & ~S_IFMT);
attr->ia_valid |= ATTR_MODE;
- if (!in_group_p(oa->o_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(oa->o_gid) && !cfs_capable(CFS_CAP_FSETID))
attr->ia_mode &= ~S_ISGID;
}
if (valid & OBD_MD_FLUID) {
diff --git a/lustre/obdecho/echo_client.c b/lustre/obdecho/echo_client.c
index 701422122f62c42c06398803826048dbc814e6e5..ffd1116ca0bf3972d82bd942f5f682ba1052a29a 100644
--- a/lustre/obdecho/echo_client.c
+++ b/lustre/obdecho/echo_client.c
@@ -1148,7 +1148,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
switch (cmd) {
case OBD_IOC_CREATE: /* may create echo object */
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_create_object (obd, 1, &data->ioc_obdo1,
@@ -1157,7 +1157,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case OBD_IOC_DESTROY:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_get_object (&eco, obd, &data->ioc_obdo1);
@@ -1185,7 +1185,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case OBD_IOC_SETATTR:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_get_object (&eco, obd, &data->ioc_obdo1);
@@ -1200,7 +1200,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case OBD_IOC_BRW_WRITE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rw = OBD_BRW_WRITE;
@@ -1219,7 +1219,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case ECHO_IOC_SET_STRIPE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
if (data->ioc_pbuf1 == NULL) { /* unset */
@@ -1236,7 +1236,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO (out, rc);
case ECHO_IOC_ENQUEUE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_client_enqueue(exp, &data->ioc_obdo1,
diff --git a/lustre/obdfilter/filter.c b/lustre/obdfilter/filter.c
index 134db4742ba0fe47298363a77ad97bc353f2371b..e60e2b5ef80ca238161e122c8fe5c2a6d96c5402 100644
--- a/lustre/obdfilter/filter.c
+++ b/lustre/obdfilter/filter.c
@@ -1567,8 +1567,9 @@ int filter_vfs_unlink(struct inode *dir, struct dentry *dentry,
GOTO(out, rc = -EPERM);
/* check_sticky() */
- if ((dentry->d_inode->i_uid != current->fsuid && !capable(CAP_FOWNER))||
- IS_APPEND(dentry->d_inode) || IS_IMMUTABLE(dentry->d_inode))
+ if ((dentry->d_inode->i_uid != current->fsuid &&
+ !cfs_capable(CFS_CAP_FOWNER)) || IS_APPEND(dentry->d_inode) ||
+ IS_IMMUTABLE(dentry->d_inode))
GOTO(out, rc = -EPERM);
/* NOTE: This might need to go outside i_mutex, though it isn't clear if
diff --git a/lustre/obdfilter/filter_io_26.c b/lustre/obdfilter/filter_io_26.c
index a301fba00cd8bfdde9f67ad45fc714db77646bc7..e96513ca011646b635326cf5140048b37400b2fb 100644
--- a/lustre/obdfilter/filter_io_26.c
+++ b/lustre/obdfilter/filter_io_26.c
@@ -754,7 +754,7 @@ int filter_commitrw_write(struct obd_export *exp, struct obdo *oa,
CDEBUG(D_INODE, "update UID/GID to %lu/%lu\n",
(unsigned long)oa->o_uid, (unsigned long)oa->o_gid);
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
iattr.ia_valid |= ATTR_MODE;
iattr.ia_mode = inode->i_mode;
diff --git a/lustre/ptlrpc/sec.c b/lustre/ptlrpc/sec.c
index 94267cf3d0d4ddbc27340d263d853ad36421e46a..59fedf7e20ddb238455dbdc802eb0f34e390df5d 100644
--- a/lustre/ptlrpc/sec.c
+++ b/lustre/ptlrpc/sec.c
@@ -2203,7 +2203,7 @@ int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset)
pud->pud_gid = cfs_current()->gid;
pud->pud_fsuid = cfs_current()->fsuid;
pud->pud_fsgid = cfs_current()->fsgid;
- pud->pud_cap = cfs_current()->cap_effective;
+ pud->pud_cap = cfs_curproc_cap_pack();
pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
#ifdef __KERNEL__
diff --git a/lustre/quota/quota_interface.c b/lustre/quota/quota_interface.c
index dff20af378a08a83992d80dc2eb468bbed984c36..e035ceb57ae3acae261780952e7157bf11af8f7b 100644
--- a/lustre/quota/quota_interface.c
+++ b/lustre/quota/quota_interface.c
@@ -353,9 +353,9 @@ static int filter_quota_enforce(struct obd_device *obd, unsigned int ignore)
RETURN(0);
if (ignore)
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
else
- cap_lower(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(0);
}
diff --git a/lustre/tests/it_test.c b/lustre/tests/it_test.c
index b78d9f8db250d6e05c62658ee26c8a3d81f7872a..0b394a03e23d93030fd953ebc4af9b90e83ff9c3 100644
--- a/lustre/tests/it_test.c
+++ b/lustre/tests/it_test.c
@@ -245,8 +245,9 @@ static enum interval_iter sanity_cb(struct interval_node *node, void *args)
}
if (!has) {
- int count = 1;
+ int count;
err:
+ count = 1;
dprintf("node"__S":%llu Child list:\n",
node->in_extent.start,
node->in_extent.end,
diff --git a/lustre/utils/loadgen.c b/lustre/utils/loadgen.c
index 76fd4e3dcb617c2d0f9a4a07b001d351dbb3cdb6..bb6c965a7ae2c6b1a3f8720a46075d638fbb2c4a 100644
--- a/lustre/utils/loadgen.c
+++ b/lustre/utils/loadgen.c
@@ -667,7 +667,7 @@ static void *run_one_child(void *threadvp)
{
struct kid_t *kid;
char oname[10], ename[10];
- int thread = (long)threadvp, dev;
+ int thread = (long)threadvp, dev = 0;
int rc = 0, err;
if (o_verbose > 2)