diff --git a/lustre/include/darwin/lvfs.h b/lustre/include/darwin/lvfs.h
index bda6594f1450f3250272fad8b195263cc561c5f8..a465578a0c3068c7620f98b0ab24beed55b6771e 100644
--- a/lustre/include/darwin/lvfs.h
+++ b/lustre/include/darwin/lvfs.h
@@ -48,7 +48,7 @@
struct lvfs_ucred {
__u32 luc_fsuid;
__u32 luc_fsgid;
- __u32 luc_cap;
+ cfs_kernel_cap_t luc_cap;
__u32 luc_uid;
__u32 luc_umask;
};
diff --git a/lustre/include/liblustre.h b/lustre/include/liblustre.h
index 840c017fe821cc9c6f4900729d8ceb9acc2edacc..a2b6ebace338a0800d8249fc59bd00c9e50c5346 100644
--- a/lustre/include/liblustre.h
+++ b/lustre/include/liblustre.h
@@ -597,7 +597,7 @@ struct task_struct {
int max_groups;
int ngroups;
gid_t *groups;
- __u32 cap_effective;
+ cfs_cap_t cap_effective;
};
typedef struct task_struct cfs_task_t;
@@ -607,13 +607,6 @@ typedef struct task_struct cfs_task_t;
extern struct task_struct *current;
int in_group_p(gid_t gid);
-static inline int capable(int cap)
-{
- if (current->cap_effective & (1 << cap))
- return 1;
- else
- return 0;
-}
#define set_current_state(foo) do { current->state = foo; } while (0)
@@ -753,12 +746,6 @@ typedef enum {
CAP_SET=1
} cap_flag_value_t;
-#define CAP_DAC_OVERRIDE 1
-#define CAP_DAC_READ_SEARCH 2
-#define CAP_FOWNER 3
-#define CAP_FSETID 4
-#define CAP_SYS_ADMIN 21
-
cap_t cap_get_proc(void);
int cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *);
diff --git a/lustre/include/linux/lvfs.h b/lustre/include/linux/lvfs.h
index 8c101d3711aab74edf892566eb0af61749825f7f..801281bfe9ca627cc4cabc0314c6a31fe53fc4e0 100644
--- a/lustre/include/linux/lvfs.h
+++ b/lustre/include/linux/lvfs.h
@@ -64,7 +64,7 @@ struct lvfs_ucred {
struct upcall_cache_entry *luc_uce;
__u32 luc_fsuid;
__u32 luc_fsgid;
- __u32 luc_cap;
+ cfs_kernel_cap_t luc_cap;
__u32 luc_suppgid1;
__u32 luc_suppgid2;
__u32 luc_umask;
diff --git a/lustre/include/lustre_log.h b/lustre/include/lustre_log.h
index 129459de9636e3dc7e2d3729b9e749454b2bc787..90e40ccb50c3caed7774c99d0674fa7e19d743f9 100644
--- a/lustre/include/lustre_log.h
+++ b/lustre/include/lustre_log.h
@@ -331,14 +331,6 @@ extern int llog_recov_thread_start(struct llog_commit_master *lcm);
extern void llog_recov_thread_stop(struct llog_commit_master *lcm,
int force);
-#ifndef __KERNEL__
-
-#define cap_raise(c, flag) do {} while(0)
-
-#define CAP_SYS_RESOURCE 24
-
-#endif /* !__KERNEL__ */
-
static inline void llog_gen_init(struct llog_ctxt *ctxt)
{
struct obd_device *obd = ctxt->loc_exp->exp_obd;
@@ -442,8 +434,7 @@ static inline int llog_write_rec(struct llog_handle *handle,
int numcookies, void *buf, int idx)
{
struct llog_operations *lop;
- __u32 cap;
- int rc, buflen;
+ int raised, rc, buflen;
ENTRY;
rc = llog_handle2ops(handle, &lop);
@@ -459,10 +450,12 @@ static inline int llog_write_rec(struct llog_handle *handle,
buflen = rec->lrh_len;
LASSERT(size_round(buflen) == buflen);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = lop->lop_write_rec(handle, rec, logcookies, numcookies, buf, idx);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
@@ -558,8 +551,7 @@ static inline int llog_create(struct llog_ctxt *ctxt, struct llog_handle **res,
struct llog_logid *logid, char *name)
{
struct llog_operations *lop;
- __u32 cap;
- int rc;
+ int raised, rc;
ENTRY;
rc = llog_obd2ops(ctxt, &lop);
@@ -568,10 +560,12 @@ static inline int llog_create(struct llog_ctxt *ctxt, struct llog_handle **res,
if (lop->lop_create == NULL)
RETURN(-EOPNOTSUPP);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = lop->lop_create(ctxt, res, logid, name);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
diff --git a/lustre/include/lustre_mds.h b/lustre/include/lustre_mds.h
index a64bc8d421a7e77df82f7d678ffd248b5fe9359c..0812a2d53289fca305e40378ffcb4c4db728893e 100644
--- a/lustre/include/lustre_mds.h
+++ b/lustre/include/lustre_mds.h
@@ -209,7 +209,8 @@ int mdc_readpage(struct obd_export *exp, struct ll_fid *mdc_fid, __u64 offset,
struct page *, struct ptlrpc_request **);
int mdc_create(struct obd_export *exp, struct mdc_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid, __u32 gid,
- __u32 cap_effective, __u64 rdev,struct ptlrpc_request **request);
+ cfs_cap_t cap_effective, __u64 rdev,
+ struct ptlrpc_request **request);
int mdc_unlink(struct obd_export *exp, struct mdc_op_data *data,
struct ptlrpc_request **request);
int mdc_link(struct obd_export *exp, struct mdc_op_data *data,
diff --git a/lustre/liblustre/lutil.c b/lustre/liblustre/lutil.c
index 2b0e6042d6e3e10861c351c758f1892b281a4acb..7b0946c4d165b4ed849977378de3873c04542286 100644
--- a/lustre/liblustre/lutil.c
+++ b/lustre/liblustre/lutil.c
@@ -227,6 +227,46 @@ int liblustre_init_current(char *comm)
return 0;
}
+void cfs_cap_raise(cfs_cap_t cap)
+{
+ current->cap_effective |= (1 << cap);
+}
+
+void cfs_cap_lower(cfs_cap_t cap)
+{
+ current->cap_effective &= ~(1 << cap);
+}
+
+int cfs_cap_raised(cfs_cap_t cap)
+{
+ return current->cap_effective & (1 << cap);
+}
+
+void cfs_kernel_cap_pack(cfs_kernel_cap_t kcap, cfs_cap_t *cap)
+{
+ *cap = kcap;
+}
+
+void cfs_kernel_cap_unpack(cfs_kernel_cap_t *kcap, cfs_cap_t cap)
+{
+ *kcap = cap;
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
+ cfs_cap_t cap;
+ cfs_kernel_cap_pack(cfs_current()->cap_effective, &cap);
+ return cap;
+}
+
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
+ cfs_kernel_cap_unpack(&cfs_current()->cap_effective, cap);
+}
+
+int cfs_capable(cfs_cap_t cap)
+{
+ return cfs_cap_raised(cap);
+}
+
int init_lib_portals()
{
int rc;
diff --git a/lustre/liblustre/super.c b/lustre/liblustre/super.c
index 072007a8a219cedf6df0d309d7ff2408a943d98a..a70faec6c7077eb0fdded1498c35ba7cc60242cb 100644
--- a/lustre/liblustre/super.c
+++ b/lustre/liblustre/super.c
@@ -92,12 +92,12 @@ static int ll_permission(struct inode *inode, int mask)
if ((mask & (MAY_READ|MAY_WRITE)) ||
(st->st_mode & S_IXUGO))
- if (capable(CAP_DAC_OVERRIDE))
+ if (cfs_capable(CFS_CAP_DAC_OVERRIDE))
return 0;
if (mask == MAY_READ ||
(S_ISDIR(st->st_mode) && !(mask & MAY_WRITE))) {
- if (capable(CAP_DAC_READ_SEARCH))
+ if (cfs_capable(CFS_CAP_DAC_READ_SEARCH))
return 0;
}
@@ -609,7 +609,7 @@ static int inode_setattr(struct inode * inode, struct iattr * attr)
st->st_ctime = attr->ia_ctime;
if (ia_valid & ATTR_MODE) {
st->st_mode = attr->ia_mode;
- if (!in_group_p(st->st_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(st->st_gid) && !cfs_capable(CFS_CAP_FSETID))
st->st_mode &= ~S_ISGID;
}
/* mark_inode_dirty(inode); */
@@ -735,7 +735,7 @@ int llu_setattr_raw(struct inode *inode, struct iattr *attr)
} else {
/* from inode_change_ok() */
if (current->fsuid != st->st_uid &&
- !capable(CAP_FOWNER))
+ !cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
}
@@ -886,10 +886,9 @@ static int llu_iop_symlink_raw(struct pnode *pno, const char *tgt)
RETURN(err);
llu_prepare_mdc_op_data(&op_data, dir, NULL, name, len, 0);
- err = mdc_create(sbi->ll_mdc_exp, &op_data,
- tgt, strlen(tgt) + 1, S_IFLNK | S_IRWXUGO,
- current->fsuid, current->fsgid, current->cap_effective,
- 0, &request);
+ err = mdc_create(sbi->ll_mdc_exp, &op_data, tgt, strlen(tgt) + 1,
+ S_IFLNK | S_IRWXUGO, current->fsuid, current->fsgid,
+ cfs_curproc_cap_pack(), 0, &request);
ptlrpc_req_finished(request);
liblustre_wait_event(0);
RETURN(err);
@@ -1018,7 +1017,7 @@ static int llu_iop_mknod_raw(struct pnode *pno,
0);
err = mdc_create(sbi->ll_mdc_exp, &op_data, NULL, 0, mode,
current->fsuid, current->fsgid,
- current->cap_effective, dev, &request);
+ cfs_curproc_cap_pack(), dev, &request);
ptlrpc_req_finished(request);
break;
case S_IFDIR:
@@ -1246,9 +1245,9 @@ static int llu_iop_mkdir_raw(struct pnode *pno, mode_t mode)
RETURN(err);
llu_prepare_mdc_op_data(&op_data, dir, NULL, name, len, 0);
- err = mdc_create(llu_i2sbi(dir)->ll_mdc_exp, &op_data, NULL, 0, mode | S_IFDIR,
- current->fsuid, current->fsgid, current->cap_effective,
- 0, &request);
+ err = mdc_create(llu_i2sbi(dir)->ll_mdc_exp, &op_data, NULL, 0,
+ mode | S_IFDIR, current->fsuid, current->fsgid,
+ cfs_curproc_cap_pack(), 0, &request);
ptlrpc_req_finished(request);
liblustre_wait_event(0);
RETURN(err);
diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c
index 2a87bc1b2af752c158d8c4460c4c7f0de09615c6..2c40b41cca98ac8089d3c4227c4bf85d11c8cff7 100644
--- a/lustre/llite/dir.c
+++ b/lustre/llite/dir.c
@@ -876,7 +876,7 @@ static int ll_dir_ioctl(struct inode *inode, struct file *file,
struct obd_quotactl *oqctl;
int rc, error = 0;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC_PTR(oqctl);
@@ -900,7 +900,7 @@ static int ll_dir_ioctl(struct inode *inode, struct file *file,
struct if_quotacheck *check;
int rc;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC_PTR(check);
@@ -956,13 +956,13 @@ static int ll_dir_ioctl(struct inode *inode, struct file *file,
case Q_QUOTAOFF:
case Q_SETQUOTA:
case Q_SETINFO:
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO(out_quotactl, rc = -EPERM);
break;
case Q_GETQUOTA:
if (((type == USRQUOTA && current->euid != id) ||
(type == GRPQUOTA && !in_egroup_p(id))) &&
- !capable(CAP_SYS_ADMIN))
+ !cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO(out_quotactl, rc = -EPERM);
/* XXX: dqb_valid is borrowed as a flag to mark that
diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index e73d6e178ab0ca0e392ea6dce652b16985ce5041..1b0df577b6f58727a79a73626b6bb2ccf089b615 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -1921,7 +1921,7 @@ static int ll_lov_recreate_obj(struct inode *inode, struct file *file,
struct lov_stripe_md *lsm, *lsm2;
ENTRY;
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
rc = copy_from_user(&ucreatp, (struct ll_recreate_obj *)arg,
@@ -2134,7 +2134,7 @@ static int ll_lov_setea(struct inode *inode, struct file *file,
int rc;
ENTRY;
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC(lump, lum_size);
@@ -3146,10 +3146,10 @@ check_groups:
check_capabilities:
if (!(mask & MAY_EXEC) ||
(inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
- if (capable(CAP_DAC_OVERRIDE))
+ if (cfs_capable(CFS_CAP_DAC_OVERRIDE))
return 0;
- if (capable(CAP_DAC_READ_SEARCH) && ((mask == MAY_READ) ||
+ if (cfs_capable(CFS_CAP_DAC_READ_SEARCH) && ((mask == MAY_READ) ||
(S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))))
return 0;
diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c
index 97f04b3bdff5998670d49f465b4f14ef272f95e9..ccaeec26209c9dc34f4ac29f583edf32d071e83c 100644
--- a/lustre/llite/llite_lib.c
+++ b/lustre/llite/llite_lib.c
@@ -1444,7 +1444,8 @@ int ll_setattr_raw(struct inode *inode, struct iattr *attr)
/* POSIX: check before ATTR_*TIME_SET set (from inode_change_ok) */
if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) {
- if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+ if (current->fsuid != inode->i_uid &&
+ !cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index 435f9ec6424328fd01a7f3fd67fb5b034787444e..0832d9a25df379c683d0657af77081c26fff3dad 100644
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -901,7 +901,7 @@ static int ll_new_node(struct inode *dir, struct qstr *name,
err = mdc_create(sbi->ll_mdc_exp, &op_data, tgt, tgt_len,
mode, current->fsuid, current->fsgid,
- current->cap_effective, rdev, &request);
+ cfs_curproc_cap_pack(), rdev, &request);
if (err)
GOTO(err_exit, err);
diff --git a/lustre/llite/rw.c b/lustre/llite/rw.c
index 107f6894a12c7f5e5a3b218b7b9e6f160fb47d65..1702f202ec7a3e9feb51c233307b4560ed473fe5 100644
--- a/lustre/llite/rw.c
+++ b/lustre/llite/rw.c
@@ -843,7 +843,7 @@ int ll_commit_write(struct file *file, struct page *page, unsigned from,
if (exp == NULL)
RETURN(-EINVAL);
- llap->llap_ignore_quota = capable(CAP_SYS_RESOURCE);
+ llap->llap_ignore_quota = cfs_capable(CFS_CAP_SYS_RESOURCE);
/* queue a write for some time in the future the first time we
* dirty the page */
@@ -2038,7 +2038,7 @@ static int ll_file_oig_pages(struct inode * inode, struct page **pages,
if (rc)
RETURN(rc);
brw_flags = OBD_BRW_SRVLOCK;
- if (capable(CAP_SYS_RESOURCE))
+ if (cfs_capable(CFS_CAP_SYS_RESOURCE))
brw_flags |= OBD_BRW_NOQUOTA;
for (i = 0; i < numpages; i++) {
diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index 77e4ef53bd192d43cbab172d904da36c7523913e..63d2761f80ea48c358605b42d4fb51b4e7c33262 100644
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -112,7 +112,7 @@ int xattr_type_filter(struct ll_sb_info *sbi, int xattr_type)
if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
return -EOPNOTSUPP;
- if (xattr_type == XATTR_TRUSTED_T && !capable(CAP_SYS_ADMIN))
+ if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))
return -EPERM;
if (xattr_type == XATTR_OTHER_T)
return -EOPNOTSUPP;
diff --git a/lustre/mdc/mdc_internal.h b/lustre/mdc/mdc_internal.h
index 11935dbba1c4bd92819f5920160ac5ef10cfdeb3..049727615f5de618f9d90c9b8712a714a4e0409a 100644
--- a/lustre/mdc/mdc_internal.h
+++ b/lustre/mdc/mdc_internal.h
@@ -60,7 +60,7 @@ void mdc_setattr_pack(struct ptlrpc_request *req, int offset,
void *ea2, int ea2len);
void mdc_create_pack(struct ptlrpc_request *req, int offset,
struct mdc_op_data *op_data, const void *data, int datalen,
- __u32 mode, __u32 uid, __u32 gid, __u32 cap_effective,
+ __u32 mode, __u32 uid, __u32 gid, cfs_cap_t cap_effective,
__u64 rdev);
void mdc_open_pack(struct ptlrpc_request *req, int offset,
struct mdc_op_data *op_data, __u32 mode, __u64 rdev,
diff --git a/lustre/mdc/mdc_lib.c b/lustre/mdc/mdc_lib.c
index 575cf612a113e4cfb46477d7a7aea24947d509c1..f5106bdf59bca13a508e7f23f4f405c77ed33f9e 100644
--- a/lustre/mdc/mdc_lib.c
+++ b/lustre/mdc/mdc_lib.c
@@ -58,7 +58,7 @@ void mdc_readdir_pack(struct ptlrpc_request *req, int offset, __u64 pg_off,
b = lustre_msg_buf(req->rq_reqmsg, offset, sizeof(*b));
b->fsuid = current->fsuid;
b->fsgid = current->fsgid;
- b->capability = current->cap_effective;
+ b->capability = cfs_curproc_cap_pack();
b->fid1 = *fid;
b->size = pg_off; /* !! */
b->suppgid = -1;
@@ -71,7 +71,7 @@ static void mdc_pack_body(struct mds_body *b)
b->fsuid = current->fsuid;
b->fsgid = current->fsgid;
- b->capability = current->cap_effective;
+ b->capability = cfs_curproc_cap_pack();
}
void mdc_pack_req_body(struct ptlrpc_request *req, int offset,
@@ -90,7 +90,7 @@ void mdc_pack_req_body(struct ptlrpc_request *req, int offset,
/* packing of MDS records */
void mdc_create_pack(struct ptlrpc_request *req, int offset,
struct mdc_op_data *op_data, const void *data, int datalen,
- __u32 mode, __u32 uid, __u32 gid, __u32 cap_effective,
+ __u32 mode, __u32 uid, __u32 gid, cfs_cap_t cap_effective,
__u64 rdev)
{
struct mds_rec_create *rec;
@@ -168,7 +168,7 @@ void mdc_open_pack(struct ptlrpc_request *req, int offset,
rec->cr_opcode = REINT_OPEN;
rec->cr_fsuid = current->fsuid;
rec->cr_fsgid = current->fsgid;
- rec->cr_cap = current->cap_effective;
+ rec->cr_cap = cfs_curproc_cap_pack();
rec->cr_fid = op_data->fid1;
memset(&rec->cr_replayfid, 0, sizeof(rec->cr_replayfid));
rec->cr_mode = mode;
@@ -242,7 +242,7 @@ void mdc_setattr_pack(struct ptlrpc_request *req, int offset,
rec->sa_opcode = REINT_SETATTR;
rec->sa_fsuid = current->fsuid;
rec->sa_fsgid = current->fsgid;
- rec->sa_cap = current->cap_effective;
+ rec->sa_cap = cfs_curproc_cap_pack();
rec->sa_fid = data->fid1;
rec->sa_suppgid = -1;
@@ -286,7 +286,7 @@ void mdc_unlink_pack(struct ptlrpc_request *req, int offset,
rec->ul_opcode = REINT_UNLINK;
rec->ul_fsuid = current->fsuid;
rec->ul_fsgid = current->fsgid;
- rec->ul_cap = current->cap_effective;
+ rec->ul_cap = cfs_curproc_cap_pack();
rec->ul_mode = data->create_mode;
rec->ul_suppgid = data->suppgids[0];
rec->ul_fid1 = data->fid1;
@@ -309,7 +309,7 @@ void mdc_link_pack(struct ptlrpc_request *req, int offset,
rec->lk_opcode = REINT_LINK;
rec->lk_fsuid = current->fsuid;
rec->lk_fsgid = current->fsgid;
- rec->lk_cap = current->cap_effective;
+ rec->lk_cap = cfs_curproc_cap_pack();
rec->lk_suppgid1 = data->suppgids[0];
rec->lk_suppgid2 = data->suppgids[1];
rec->lk_fid1 = data->fid1;
@@ -333,7 +333,7 @@ void mdc_rename_pack(struct ptlrpc_request *req, int offset,
rec->rn_opcode = REINT_RENAME;
rec->rn_fsuid = current->fsuid;
rec->rn_fsgid = current->fsgid;
- rec->rn_cap = current->cap_effective;
+ rec->rn_cap = cfs_curproc_cap_pack();
rec->rn_suppgid1 = data->suppgids[0];
rec->rn_suppgid2 = data->suppgids[1];
rec->rn_fid1 = data->fid1;
@@ -357,7 +357,7 @@ void mdc_getattr_pack(struct ptlrpc_request *req, int offset, __u64 valid,
b->fsuid = current->fsuid;
b->fsgid = current->fsgid;
- b->capability = current->cap_effective;
+ b->capability = cfs_curproc_cap_pack();
b->valid = valid;
b->flags = flags | MDS_BFLAG_EXT_FLAGS;
/* skip MDS_BFLAG_EXT_FLAGS to verify the "client < 1.4.7" case
diff --git a/lustre/mdc/mdc_reint.c b/lustre/mdc/mdc_reint.c
index f9cfe69f7056efbd611258a4bd4b67d71159c07b..a51d03e855c767e5216d1aee33fd37f438284342 100644
--- a/lustre/mdc/mdc_reint.c
+++ b/lustre/mdc/mdc_reint.c
@@ -176,7 +176,8 @@ int mdc_setattr(struct obd_export *exp, struct mdc_op_data *op_data,
int mdc_create(struct obd_export *exp, struct mdc_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid, __u32 gid,
- __u32 cap_effective, __u64 rdev, struct ptlrpc_request **request)
+ cfs_cap_t cap_effective, __u64 rdev,
+ struct ptlrpc_request **request)
{
CFS_LIST_HEAD(cancels);
struct obd_device *obd = exp->exp_obd;
diff --git a/lustre/mds/mds_internal.h b/lustre/mds/mds_internal.h
index 27d97a04a522e4f3b10dca09c86f2353307ff80c..91e2774cddf95888bf1238269346549989e9fca7 100644
--- a/lustre/mds/mds_internal.h
+++ b/lustre/mds/mds_internal.h
@@ -198,7 +198,7 @@ int mds_init_ucred(struct lvfs_ucred *ucred, struct ptlrpc_request *req,
int offset);
void mds_exit_ucred(struct lvfs_ucred *ucred, struct mds_obd *obd);
void mds_root_squash(struct mds_obd *mds, lnet_nid_t *peernid,
- __u32 *fsuid, __u32 *fsgid, __u32 *cap,
+ __u32 *fsuid, __u32 *fsgid, cfs_kernel_cap_t *cap,
__u32 *suppgid, __u32 *suppgid2);
/* mds/mds_unlink_open.c */
diff --git a/lustre/mds/mds_lib.c b/lustre/mds/mds_lib.c
index b1bad61d8505930bde2fb3111394549259f6e76d..3ba3e53dd60997ca94d373819cdcad1a73c449fd 100644
--- a/lustre/mds/mds_lib.c
+++ b/lustre/mds/mds_lib.c
@@ -156,7 +156,7 @@ static int mds_setattr_unpack(struct ptlrpc_request *req, int offset,
r->ur_uc.luc_fsuid = rec->sa_fsuid;
r->ur_uc.luc_fsgid = rec->sa_fsgid;
- r->ur_uc.luc_cap = rec->sa_cap;
+ cfs_kernel_cap_unpack(&r->ur_uc.luc_cap, rec->sa_cap);
r->ur_uc.luc_suppgid1 = rec->sa_suppgid;
r->ur_uc.luc_suppgid2 = -1;
r->ur_fid1 = &rec->sa_fid;
@@ -206,7 +206,7 @@ static int mds_create_unpack(struct ptlrpc_request *req, int offset,
r->ur_uc.luc_fsuid = rec->cr_fsuid;
r->ur_uc.luc_fsgid = rec->cr_fsgid;
- r->ur_uc.luc_cap = rec->cr_cap;
+ cfs_kernel_cap_unpack(&r->ur_uc.luc_cap, rec->cr_cap);
r->ur_uc.luc_suppgid1 = rec->cr_suppgid;
r->ur_uc.luc_suppgid2 = -1;
r->ur_fid1 = &rec->cr_fid;
@@ -259,7 +259,7 @@ static int mds_link_unpack(struct ptlrpc_request *req, int offset,
r->ur_uc.luc_fsuid = rec->lk_fsuid;
r->ur_uc.luc_fsgid = rec->lk_fsgid;
- r->ur_uc.luc_cap = rec->lk_cap;
+ cfs_kernel_cap_unpack(&r->ur_uc.luc_cap, rec->lk_cap);
r->ur_uc.luc_suppgid1 = rec->lk_suppgid1;
r->ur_uc.luc_suppgid2 = rec->lk_suppgid2;
r->ur_fid1 = &rec->lk_fid1;
@@ -294,7 +294,7 @@ static int mds_unlink_unpack(struct ptlrpc_request *req, int offset,
r->ur_uc.luc_fsuid = rec->ul_fsuid;
r->ur_uc.luc_fsgid = rec->ul_fsgid;
- r->ur_uc.luc_cap = rec->ul_cap;
+ cfs_kernel_cap_unpack(&r->ur_uc.luc_cap, rec->ul_cap);
r->ur_uc.luc_suppgid1 = rec->ul_suppgid;
r->ur_uc.luc_suppgid2 = -1;
r->ur_mode = rec->ul_mode;
@@ -331,7 +331,7 @@ static int mds_rename_unpack(struct ptlrpc_request *req, int offset,
r->ur_uc.luc_fsuid = rec->rn_fsuid;
r->ur_uc.luc_fsgid = rec->rn_fsgid;
- r->ur_uc.luc_cap = rec->rn_cap;
+ cfs_kernel_cap_unpack(&r->ur_uc.luc_cap, rec->rn_cap);
r->ur_uc.luc_suppgid1 = rec->rn_suppgid1;
r->ur_uc.luc_suppgid2 = rec->rn_suppgid2;
r->ur_fid1 = &rec->rn_fid1;
@@ -372,7 +372,7 @@ static int mds_open_unpack(struct ptlrpc_request *req, int offset,
r->ur_uc.luc_fsuid = rec->cr_fsuid;
r->ur_uc.luc_fsgid = rec->cr_fsgid;
- r->ur_uc.luc_cap = rec->cr_cap;
+ cfs_kernel_cap_unpack(&r->ur_uc.luc_cap, rec->cr_cap);
r->ur_uc.luc_suppgid1 = rec->cr_suppgid;
r->ur_uc.luc_suppgid2 = -1;
r->ur_fid1 = &rec->cr_fid;
@@ -440,7 +440,7 @@ int mds_update_unpack(struct ptlrpc_request *req, int offset,
}
void mds_root_squash(struct mds_obd *mds, lnet_nid_t *peernid,
- __u32 *fsuid, __u32 *fsgid, __u32 *cap,
+ __u32 *fsuid, __u32 *fsgid, cfs_kernel_cap_t *kcap,
__u32 *suppgid, __u32 *suppgid2)
{
if (!mds->mds_squash_uid || *fsuid)
@@ -449,13 +449,13 @@ void mds_root_squash(struct mds_obd *mds, lnet_nid_t *peernid,
if (*peernid == mds->mds_nosquash_nid)
return;
- CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n",
- libcfs_nid2str(*peernid), *fsuid, *fsgid, *cap,
- mds->mds_squash_uid, mds->mds_squash_gid, 0);
+ CDEBUG(D_OTHER, "squash req from %s, (%d:%d)=>(%d:%d)\n",
+ libcfs_nid2str(*peernid), *fsuid, *fsgid,
+ mds->mds_squash_uid, mds->mds_squash_gid);
*fsuid = mds->mds_squash_uid;
*fsgid = mds->mds_squash_gid;
- *cap = 0;
+ cfs_kernel_cap_unpack(kcap, 0);
*suppgid = -1;
if (suppgid2)
*suppgid2 = -1;
@@ -479,13 +479,13 @@ int mds_init_ucred(struct lvfs_ucred *ucred, struct ptlrpc_request *req,
} else
#endif
{
+ cfs_kernel_cap_unpack(&ucred->luc_cap, body->capability);
mds_root_squash(mds, &req->rq_peer.nid, &body->fsuid,
- &body->fsgid, &body->capability,
+ &body->fsgid, &ucred->luc_cap,
&body->suppgid, NULL);
ucred->luc_fsuid = body->fsuid;
ucred->luc_fsgid = body->fsgid;
- ucred->luc_cap = body->capability;
}
ucred->luc_uce = upcall_cache_get_entry(mds->mds_group_hash,
diff --git a/lustre/mds/mds_reint.c b/lustre/mds/mds_reint.c
index c7da418a9b925b0b70f5ae132d6301b2134f6fd7..8c088123245eb332def0ee3bb36edb13b88078da 100644
--- a/lustre/mds/mds_reint.c
+++ b/lustre/mds/mds_reint.c
@@ -2464,7 +2464,7 @@ int mds_reint_rec(struct mds_update_record *rec, int offset,
* NB root's creds are believed... */
LASSERT (req->rq_uid != 0);
rec->ur_uc.luc_fsuid = req->rq_uid;
- rec->ur_uc.luc_cap = 0;
+ cfs_kernel_cap_unpack(&rec->ur_uc.luc_cap, 0);
}
#endif
diff --git a/lustre/obdclass/linux/linux-obdo.c b/lustre/obdclass/linux/linux-obdo.c
index a8857bf9e92990a520c1ce97459bcdd6934fe982..04155cca1204fe61f1b2b0aec8ab7cd83b03f458 100644
--- a/lustre/obdclass/linux/linux-obdo.c
+++ b/lustre/obdclass/linux/linux-obdo.c
@@ -78,7 +78,7 @@ void obdo_from_iattr(struct obdo *oa, struct iattr *attr, unsigned int ia_valid)
if (ia_valid & ATTR_MODE) {
oa->o_mode = attr->ia_mode;
oa->o_valid |= OBD_MD_FLTYPE | OBD_MD_FLMODE;
- if (!in_group_p(oa->o_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(oa->o_gid) && !cfs_capable(CFS_CAP_FSETID))
oa->o_mode &= ~S_ISGID;
}
if (ia_valid & ATTR_UID) {
@@ -126,7 +126,7 @@ void iattr_from_obdo(struct iattr *attr, struct obdo *oa, obd_flag valid)
if (valid & OBD_MD_FLMODE) {
attr->ia_mode = (attr->ia_mode & S_IFMT)|(oa->o_mode & ~S_IFMT);
attr->ia_valid |= ATTR_MODE;
- if (!in_group_p(oa->o_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(oa->o_gid) && !cfs_capable(CFS_CAP_FSETID))
attr->ia_mode &= ~S_ISGID;
}
if (valid & OBD_MD_FLUID) {
diff --git a/lustre/obdclass/llog_obd.c b/lustre/obdclass/llog_obd.c
index d03b6372bdbcb61d160e8ea4da703d4d6363c843..77163a8095e6de07caa00aed53f9fe5cddc53447 100644
--- a/lustre/obdclass/llog_obd.c
+++ b/lustre/obdclass/llog_obd.c
@@ -206,8 +206,7 @@ int llog_add(struct llog_ctxt *ctxt, struct llog_rec_hdr *rec,
struct lov_stripe_md *lsm, struct llog_cookie *logcookies,
int numcookies)
{
- __u32 cap;
- int rc;
+ int raised, rc;
ENTRY;
if (!ctxt) {
@@ -216,10 +215,12 @@ int llog_add(struct llog_ctxt *ctxt, struct llog_rec_hdr *rec,
}
CTXT_CHECK_OP(ctxt, add, -EOPNOTSUPP);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = CTXTP(ctxt, add)(ctxt, rec, lsm, logcookies, numcookies);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
EXPORT_SYMBOL(llog_add);
diff --git a/lustre/obdecho/echo_client.c b/lustre/obdecho/echo_client.c
index 8e54dbb074ede96704b7a30d8b383e3f44e6fbe2..bd8127da6046003bf6db2fa80440c836087158c1 100644
--- a/lustre/obdecho/echo_client.c
+++ b/lustre/obdecho/echo_client.c
@@ -1148,7 +1148,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
switch (cmd) {
case OBD_IOC_CREATE: /* may create echo object */
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_create_object (obd, 1, &data->ioc_obdo1,
@@ -1157,7 +1157,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case OBD_IOC_DESTROY:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_get_object (&eco, obd, &data->ioc_obdo1);
if (rc == 0) {
@@ -1184,7 +1184,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case OBD_IOC_SETATTR:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_get_object (&eco, obd, &data->ioc_obdo1);
@@ -1199,7 +1199,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case OBD_IOC_BRW_WRITE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rw = OBD_BRW_WRITE;
@@ -1218,7 +1218,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO(out, rc);
case ECHO_IOC_SET_STRIPE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
if (data->ioc_pbuf1 == NULL) { /* unset */
@@ -1235,7 +1235,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp,
GOTO (out, rc);
case ECHO_IOC_ENQUEUE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_client_enqueue(exp, &data->ioc_obdo1,
diff --git a/lustre/obdfilter/filter.c b/lustre/obdfilter/filter.c
index ebbac7e539f0d2204b08c1144dac7bb513d3fa37..80ea370a6e570dc6e14f3f1e6d11f589684b1e9a 100644
--- a/lustre/obdfilter/filter.c
+++ b/lustre/obdfilter/filter.c
@@ -1352,8 +1352,9 @@ int filter_vfs_unlink(struct inode *dir, struct dentry *dentry,
GOTO(out, rc = -EPERM);
/* check_sticky() */
- if ((dentry->d_inode->i_uid != current->fsuid && !capable(CAP_FOWNER))||
- IS_APPEND(dentry->d_inode) || IS_IMMUTABLE(dentry->d_inode))
+ if ((dentry->d_inode->i_uid != current->fsuid &&
+ !cfs_capable(CFS_CAP_FOWNER)) || IS_APPEND(dentry->d_inode) ||
+ IS_IMMUTABLE(dentry->d_inode))
GOTO(out, rc = -EPERM);
/* NOTE: This might need to go outside i_mutex, though it isn't clear if
diff --git a/lustre/obdfilter/filter_io_24.c b/lustre/obdfilter/filter_io_24.c
index 45fe017ba109a135ca81be954f758e514cf8cc8f..6031c1fec4854a8b405bb6e81d62b09456935b0d 100644
--- a/lustre/obdfilter/filter_io_24.c
+++ b/lustre/obdfilter/filter_io_24.c
@@ -506,7 +506,7 @@ int filter_commitrw_write(struct obd_export *exp, struct obdo *oa, int objcount,
CDEBUG(D_INODE, "update UID/GID to %lu/%lu\n",
(unsigned long)oa->o_uid, (unsigned long)oa->o_gid);
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
iattr.ia_valid |= ATTR_MODE;
iattr.ia_mode = inode->i_mode;
diff --git a/lustre/obdfilter/filter_io_26.c b/lustre/obdfilter/filter_io_26.c
index 6fd6b3a33532bfd6bac7fa4793a48668d58f60e9..a98d4fcae7deb2ee1e57b29ae1c722ecdc4757f2 100644
--- a/lustre/obdfilter/filter_io_26.c
+++ b/lustre/obdfilter/filter_io_26.c
@@ -745,7 +745,7 @@ int filter_commitrw_write(struct obd_export *exp, struct obdo *oa,
CDEBUG(D_INODE, "update UID/GID to %lu/%lu\n",
(unsigned long)oa->o_uid, (unsigned long)oa->o_gid);
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
iattr.ia_valid |= ATTR_MODE;
iattr.ia_mode = inode->i_mode;
diff --git a/lustre/osc/osc_request.c b/lustre/osc/osc_request.c
index 86818af89a9b8db5c11ed13d552eab92c8145e75..861e36d0cf3ac0063ad1dedf0a19bba825ffcb58 100644
--- a/lustre/osc/osc_request.c
+++ b/lustre/osc/osc_request.c
@@ -3426,7 +3426,7 @@ static int osc_iocontrol(unsigned int cmd, struct obd_export *exp, int len,
case OBD_IOC_DESTROY: {
struct obdo *oa;
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, err = -EPERM);
oa = &data->ioc_obdo1;
diff --git a/lustre/quota/quota_interface.c b/lustre/quota/quota_interface.c
index 0097c94161bfcf7539ff2cf705d601e0b8b0ec6b..1ec25e38f1002d1c8bfd34ce72b36f234008cac8 100644
--- a/lustre/quota/quota_interface.c
+++ b/lustre/quota/quota_interface.c
@@ -156,9 +156,9 @@ static int filter_quota_enforce(struct obd_device *obd, unsigned int ignore)
if (ignore) {
CDEBUG(D_QUOTA, "blocks will be written with ignoring quota.\n");
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
} else {
- cap_lower(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
}
RETURN(0);