)]}' { "commit": "3b11a1decef07c19443d24ae926982bc8ec9f4c0", "tree": "b6555f0e5b07f4b2badd332a0a900b974920c49d", "parents": [ "98870ab0a5a3f1822aee681d2997017e1c87d026" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:26 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:26 2008 +1100" }, "message": "CRED: Differentiate objective and effective subjective credentials on a task\n\nDifferentiate the objective and real subjective credentials from the effective\nsubjective credentials on a task by introducing a second credentials pointer\ninto the task_struct.\n\ntask_struct::real_cred then refers to the objective and apparent real\nsubjective credentials of a task, as perceived by the other tasks in the\nsystem.\n\ntask_struct::cred then refers to the effective subjective credentials of a\ntask, as used by that task when it\u0027s actually running. These are not visible\nto the other tasks in the system.\n\n__task_cred(task) then refers to the objective/real credentials of the task in\nquestion.\n\ncurrent_cred() refers to the effective subjective credentials of the current\ntask.\n\nprepare_creds() uses the objective creds as a base and commit_creds() changes\nboth pointers in the task_struct (indeed commit_creds() requires them to be the\nsame).\n\noverride_creds() and revert_creds() change the subjective creds pointer only,\nand the former returns the old subjective creds. These are used by NFSD,\nfaccessat() and do_coredump(), and will by used by CacheFiles.\n\nIn SELinux, current_has_perm() is provided as an alternative to\ntask_has_perm(). This uses the effective subjective context of current,\nwhereas task_has_perm() uses the objective/real context of the subject.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "836ffa1047d9690f53b63cb3d8d3db256226d1d6", "old_mode": 33188, "old_path": "fs/nfsd/auth.c", "new_id": "0184fe9b514cc2dbdb1b50c15900f927272c5fd3", "new_mode": 33188, "new_path": "fs/nfsd/auth.c" }, { "type": "modify", "old_id": "794aab5c66e57af5b9d9a988f7fab79a767ec2b8", "old_mode": 33188, "old_path": "include/linux/cred.h", "new_id": "55a9c995d694a23d47e53fa6107d8c8a7a1dfd9e", "new_mode": 33188, "new_path": "include/linux/cred.h" }, { "type": "modify", "old_id": "08c3b24ad9a8ec12fbe4985bb9e4a60ed5f32910", "old_mode": 33188, "old_path": "include/linux/init_task.h", "new_id": "2597858035cd5cb3c4bbc066519873e3912f5068", "new_mode": 33188, "new_path": "include/linux/init_task.h" }, { "type": "modify", "old_id": "121d655e460dab5e76c9bf3bb39ac5fdff5edcec", "old_mode": 33188, "old_path": "include/linux/sched.h", "new_id": "3443123b07096512f14c283a075043db1bdee54e", "new_mode": 33188, "new_path": "include/linux/sched.h" }, { "type": "modify", "old_id": "b8bd2f99d8cec97d04b0711fc1176eaeb06a45ff", "old_mode": 33188, "old_path": "kernel/cred.c", "new_id": "f3ca1066061715bd5c2e9f0dd93c8576fa9617d0", "new_mode": 33188, "new_path": "kernel/cred.c" }, { "type": "modify", "old_id": "82a7948a664e30021f077c30afbf9f6bd501557b", "old_mode": 33188, "old_path": "kernel/fork.c", "new_id": "af0d0f04585ca65b0cd02629733b61bc4c74a6d0", "new_mode": 33188, "new_path": "kernel/fork.c" }, { "type": "modify", "old_id": "21a59218463321278a03d7d75b7f50617546a989", "old_mode": 33188, "old_path": "security/selinux/hooks.c", "new_id": "91b06f2aa96363f49fe8999d665cd1e9328fe23a", "new_mode": 33188, "new_path": "security/selinux/hooks.c" } ] }