security: filesystem capabilities refactor kernel code
authorAndrew G. Morgan <morgan@kernel.org>
Thu, 24 Jul 2008 04:28:25 +0000 (21:28 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 24 Jul 2008 17:47:22 +0000 (10:47 -0700)
commitab763c7112ce0e2559c73f921617c81dc7287ca6
tree110f60462a54e869402346b5ae9cfaed012cf8f4
parent5459c164f0591ee75ed0203bb8f3817f25948e2f
security: filesystem capabilities refactor kernel code

To date, we've tried hard to confine filesystem support for capabilities
to the security modules.  This has left a lot of the code in
kernel/capability.c in a state where it looks like it supports something
that filesystem support for capabilities actually suppresses when the LSM
security/commmoncap.c code runs.  What is left is a lot of code that uses
sub-optimal locking in the main kernel

With this change we refactor the main kernel code and make it explicit
which locks are needed and that the only remaining kernel races in this
area are associated with non-filesystem capability code.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/capability.c