EXTRA_DIST = \
bitmap.h \
- curproc.h \
libcfs.h \
libcfs_cpu.h \
libcfs_crypto.h \
+++ /dev/null
-/*
- * GPL HEADER START
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 only,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License version 2 for more details (a copy is included
- * in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; If not, see
- * http://www.gnu.org/licenses/gpl-2.0.html
- *
- * GPL HEADER END
- */
-/*
- * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
- * Use is subject to license terms.
- *
- * Copyright (c) 2012, 2014, Intel Corporation.
- */
-/*
- * This file is part of Lustre, http://www.lustre.org/
- *
- * libcfs/include/libcfs/curproc.h
- *
- * Lustre curproc API declaration
- *
- * Author: Nikita Danilov <nikita@clusterfs.com>
- */
-
-#ifndef __LIBCFS_CURPROC_H__
-#define __LIBCFS_CURPROC_H__
-
-typedef __u32 cfs_cap_t;
-
-static inline cfs_cap_t cfs_curproc_cap_pack(void)
-{
- /* cfs_cap_t is only the first word of kernel_cap_t */
- return (cfs_cap_t)(current_cap().cap[0]);
-}
-
-/* __LIBCFS_CURPROC_H__ */
-#endif
-/*
- * Local variables:
- * c-indentation-style: "K&R"
- * c-basic-offset: 8
- * tab-width: 8
- * fill-column: 80
- * scroll-step: 1
- * End:
- */
#include <libcfs/libcfs_workitem.h>
#include <libcfs/libcfs_hash.h>
#include <libcfs/libcfs_fail.h>
-#include "curproc.h"
#define LIBCFS_VERSION "0.7.1"
__u32 uc_fsuid;
__u32 uc_fsgid;
__u32 uc_suppgids[2];
- cfs_cap_t uc_cap;
+ kernel_cap_t uc_cap;
__u32 uc_umask;
struct group_info *uc_ginfo;
struct md_identity *uc_identity;
void lu_ucred_global_fini(void);
-#define md_cap_t(x) (x)
-
-#define MD_CAP_TO_MASK(x) BIT(x)
-
-#define md_cap_raised(c, flag) (md_cap_t(c) & MD_CAP_TO_MASK(flag))
-
/* capable() is copied from linux kernel! */
-static inline int md_capable(struct lu_ucred *uc, cfs_cap_t cap)
+static inline int md_capable(struct lu_ucred *uc, int cap)
{
- if (md_cap_raised(uc->uc_cap, cap))
+ if (cap_raised(uc->uc_cap, cap))
return 1;
return 0;
}
__u32 op_suppgids[2];
__u32 op_fsuid;
__u32 op_fsgid;
- cfs_cap_t op_cap;
+ kernel_cap_t op_cap;
void *op_data;
size_t op_data_size;
int (*m_create)(struct obd_export *, struct md_op_data *,
const void *, size_t, umode_t, uid_t, gid_t,
- cfs_cap_t, __u64, struct ptlrpc_request **);
+ kernel_cap_t, __u64, struct ptlrpc_request **);
int (*m_enqueue)(struct obd_export *, struct ldlm_enqueue_info *,
const union ldlm_policy_data *, struct md_op_data *,
static inline int md_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, size_t datalen, umode_t mode,
- uid_t uid, gid_t gid, cfs_cap_t cap_effective,
+ uid_t uid, gid_t gid, kernel_cap_t cap_effective,
__u64 rdev, struct ptlrpc_request **request)
{
int rc;
err = md_create(sbi->ll_md_exp, op_data, lump, len, mode,
from_kuid(&init_user_ns, current_fsuid()),
from_kgid(&init_user_ns, current_fsgid()),
- cfs_curproc_cap_pack(), 0, &request);
+ current_cap(), 0, &request);
if (err)
GOTO(out_request, err);
op_data->op_mod_time = ktime_get_real_seconds();
op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
- op_data->op_cap = cfs_curproc_cap_pack();
+ op_data->op_cap = current_cap();
op_data->op_mds = 0;
if ((opc == LUSTRE_OPC_CREATE) && (name != NULL) &&
filename_is_volatile(name, namelen, &op_data->op_mds)) {
err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
from_kuid(&init_user_ns, current_fsuid()),
from_kgid(&init_user_ns, current_fsgid()),
- cfs_curproc_cap_pack(), rdev, &request);
+ current_cap(), rdev, &request);
#if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(2, 14, 58, 0)
/*
* server < 2.12.58 doesn't pack default LMV in intent_getattr reply,
int lmv_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, size_t datalen, umode_t mode, uid_t uid,
- gid_t gid, cfs_cap_t cap_effective, __u64 rdev,
+ gid_t gid, kernel_cap_t cap_effective, __u64 rdev,
struct ptlrpc_request **request)
{
struct obd_device *obd = exp->exp_obd;
op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
- op_data->op_cap = cfs_curproc_cap_pack();
+ op_data->op_cap = current_cap();
tgt = lmv_locate_tgt2(lmv, op_data);
if (IS_ERR(tgt))
op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
- op_data->op_cap = cfs_curproc_cap_pack();
+ op_data->op_cap = current_cap();
parent_tgt = lmv_fid2tgt(lmv, &op_data->op_fid1);
if (IS_ERR(parent_tgt))
op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
- op_data->op_cap = cfs_curproc_cap_pack();
+ op_data->op_cap = current_cap();
op_data->op_name = new;
op_data->op_namelen = newlen;
op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
- op_data->op_cap = cfs_curproc_cap_pack();
+ op_data->op_cap = current_cap();
retry:
parent_tgt = lmv_locate_tgt(lmv, op_data);
void *ea, size_t ealen);
void mdc_create_pack(struct req_capsule *pill, struct md_op_data *op_data,
const void *data, size_t datalen, umode_t mode,
- uid_t uid, gid_t gid, cfs_cap_t capability, __u64 rdev);
+ uid_t uid, gid_t gid, kernel_cap_t capability, u64 rdev);
void mdc_open_pack(struct req_capsule *pill, struct md_op_data *op_data,
umode_t mode, __u64 rdev, __u64 flags,
const void *data, size_t datalen);
int mdc_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, size_t datalen,
umode_t mode, uid_t uid, gid_t gid,
- cfs_cap_t capability, __u64 rdev,
+ kernel_cap_t capability, __u64 rdev,
struct ptlrpc_request **request);
int mdc_link(struct obd_export *exp, struct md_op_data *op_data,
struct ptlrpc_request **request);
b->mbo_gid = from_kgid(&init_user_ns, current_gid());
b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid());
b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid());
- b->mbo_capability = cfs_curproc_cap_pack();
+ b->mbo_capability = current_cap().cap[0];
}
void mdc_swap_layouts_pack(struct req_capsule *pill,
/* packing of MDS records */
void mdc_create_pack(struct req_capsule *pill, struct md_op_data *op_data,
const void *data, size_t datalen, umode_t mode,
- uid_t uid, gid_t gid, cfs_cap_t cap_effective, __u64 rdev)
+ uid_t uid, gid_t gid, kernel_cap_t cap_effective, u64 rdev)
{
struct mdt_rec_create *rec;
char *tmp;
rec->cr_opcode = REINT_CREATE;
rec->cr_fsuid = uid;
rec->cr_fsgid = gid;
- rec->cr_cap = cap_effective;
+ rec->cr_cap = cap_effective.cap[0];
rec->cr_fid1 = op_data->op_fid1;
rec->cr_fid2 = op_data->op_fid2;
rec->cr_mode = mode;
rec->cr_opcode = REINT_OPEN;
rec->cr_fsuid = from_kuid(&init_user_ns, current_fsuid());
rec->cr_fsgid = from_kgid(&init_user_ns, current_fsgid());
- rec->cr_cap = cfs_curproc_cap_pack();
+ rec->cr_cap = current_cap().cap[0];
rec->cr_mode = mode;
cr_flags = mds_pack_open_flags(flags);
rec->cr_rdev = rdev;
rec->sa_opcode = REINT_SETATTR;
rec->sa_fsuid = from_kuid(&init_user_ns, current_fsuid());
rec->sa_fsgid = from_kgid(&init_user_ns, current_fsgid());
- rec->sa_cap = cfs_curproc_cap_pack();
+ rec->sa_cap = current_cap().cap[0];
rec->sa_suppgid = -1;
rec->sa_fid = op_data->op_fid1;
REINT_RMENTRY : REINT_UNLINK;
rec->ul_fsuid = op_data->op_fsuid;
rec->ul_fsgid = op_data->op_fsgid;
- rec->ul_cap = op_data->op_cap;
+ rec->ul_cap = op_data->op_cap.cap[0];
rec->ul_mode = op_data->op_mode;
rec->ul_suppgid1 = op_data->op_suppgids[0];
rec->ul_suppgid2 = -1;
rec->lk_opcode = REINT_LINK;
rec->lk_fsuid = op_data->op_fsuid; /* current->fsuid; */
rec->lk_fsgid = op_data->op_fsgid; /* current->fsgid; */
- rec->lk_cap = op_data->op_cap; /* current->cap_effective; */
+ rec->lk_cap = op_data->op_cap.cap[0]; /* current->cap_effective; */
rec->lk_suppgid1 = op_data->op_suppgids[0];
rec->lk_suppgid2 = op_data->op_suppgids[1];
rec->lk_fid1 = op_data->op_fid1;
rec->rn_opcode = REINT_RENAME;
rec->rn_fsuid = op_data->op_fsuid;
rec->rn_fsgid = op_data->op_fsgid;
- rec->rn_cap = op_data->op_cap;
+ rec->rn_cap = op_data->op_cap.cap[0];
rec->rn_suppgid1 = op_data->op_suppgids[0];
rec->rn_suppgid2 = op_data->op_suppgids[1];
rec->rn_fid1 = op_data->op_fid1;
rec->rn_opcode = REINT_MIGRATE;
rec->rn_fsuid = op_data->op_fsuid;
rec->rn_fsgid = op_data->op_fsgid;
- rec->rn_cap = op_data->op_cap;
+ rec->rn_cap = op_data->op_cap.cap[0];
rec->rn_suppgid1 = op_data->op_suppgids[0];
rec->rn_suppgid2 = op_data->op_suppgids[1];
rec->rn_fid1 = op_data->op_fid1;
int mdc_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, size_t datalen,
umode_t mode, uid_t uid, gid_t gid,
- cfs_cap_t cap_effective, __u64 rdev,
+ kernel_cap_t cap_effective, __u64 rdev,
struct ptlrpc_request **request)
{
struct ptlrpc_request *req;
rec->rs_opcode = REINT_RESYNC;
rec->rs_fsuid = op_data->op_fsuid;
rec->rs_fsgid = op_data->op_fsgid;
- rec->rs_cap = op_data->op_cap;
+ rec->rs_cap = op_data->op_cap.cap[0];
rec->rs_fid = op_data->op_fid1;
rec->rs_bias = op_data->op_bias;
rec->rs_mirror_id = op_data->op_mirror_id;
rec->sx_opcode = REINT_SETXATTR;
rec->sx_fsuid = from_kuid(&init_user_ns, current_fsuid());
rec->sx_fsgid = from_kgid(&init_user_ns, current_fsgid());
- rec->sx_cap = cfs_curproc_cap_pack();
+ rec->sx_cap = current_cap().cap[0];
rec->sx_suppgid1 = suppgid;
rec->sx_suppgid2 = -1;
rec->sx_fid = *fid;
int hsm_init_ucred(struct lu_ucred *uc)
{
- kernel_cap_t kcap = cap_combine(CAP_FS_SET, CAP_NFSD_SET);
-
ENTRY;
uc->uc_valid = UCRED_OLD;
uc->uc_o_uid = 0;
uc->uc_fsgid = 0;
uc->uc_suppgids[0] = -1;
uc->uc_suppgids[1] = -1;
- uc->uc_cap = kcap.cap[0];
+ uc->uc_cap = cap_combine(CAP_FS_SET, CAP_NFSD_SET);
uc->uc_umask = 0777;
uc->uc_ginfo = NULL;
uc->uc_identity = NULL;
if (la->la_flags & LUSTRE_IMMUTABLE_FL)
rc = -EACCES;
- if (md_capable(uc, CAP_DAC_OVERRIDE))
+ if (cap_raised(uc->uc_cap, CAP_DAC_OVERRIDE))
RETURN(0);
if (uc->uc_fsuid == la->la_uid) {
if ((la->la_mode & S_IWUSR) == 0)
if (rc < 0)
return false;
- is_admin = md_capable(mdt_ucred(info), CAP_SYS_ADMIN);
+ is_admin = cap_raised(mdt_ucred(info)->uc_cap, CAP_SYS_ADMIN);
mdt_exit_ucred(info);
/* Non-root users are forbidden to set or clear flags which are
* NOT defined in HSM_USER_MASK. */
if (((hss->hss_setmask | hss->hss_clearmask) & ~HSM_USER_MASK) &&
- !md_capable(mdt_ucred(info), CAP_SYS_ADMIN)) {
+ !cap_raised(mdt_ucred(info)->uc_cap, CAP_SYS_ADMIN)) {
CDEBUG(D_HSM, "Incompatible masks provided (set %#llx"
", clear %#llx) vs unprivileged set (%#x).\n",
hss->hss_setmask, hss->hss_clearmask, HSM_USER_MASK);
if (hsma != HSMA_RESTORE && mdt_rdonly(mti->mti_exp))
RETURN(-EROFS);
- if (md_capable(uc, CAP_SYS_ADMIN))
+ if (cap_raised(uc->uc_cap, CAP_SYS_ADMIN))
RETURN(0);
ma->ma_need = MA_INODE;
/* In case of REMOVE and CANCEL a Lustre file
* is not mandatory, but restrict this
* exception to admins. */
- if (md_capable(mdt_ucred(mti), CAP_SYS_ADMIN) &&
+ if (cap_raised(mdt_ucred(mti)->uc_cap, CAP_SYS_ADMIN) &&
(hai->hai_action == HSMA_REMOVE ||
hai->hai_action == HSMA_CANCEL))
goto record;
uc = mdt_ucred(info);
is_admin = (uc->uc_uid == 0 && uc->uc_gid == 0 &&
- md_capable(uc, CAP_SYS_ADMIN));
+ cap_raised(uc->uc_cap, CAP_SYS_ADMIN));
mdt_exit_ucred(info);
CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n",
libcfs_nid2str(peernid),
- ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap,
+ ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap.cap[0],
squash->rsi_uid, squash->rsi_gid, 0);
ucred->uc_fsuid = squash->rsi_uid;
ucred->uc_fsgid = squash->rsi_gid;
- ucred->uc_cap = 0;
+ ucred->uc_cap = CAP_EMPTY_SET;
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
ucred->uc_uid = pud->pud_uid;
ucred->uc_gid = pud->pud_gid;
- if (nodemap && ucred->uc_o_uid == nodemap->nm_squash_uid) {
- ucred->uc_cap = 0;
- } else {
- ucred->uc_cap = pud->pud_cap;
- }
+ ucred->uc_cap = CAP_EMPTY_SET;
+ if (!nodemap || ucred->uc_o_uid != nodemap->nm_squash_uid)
+ ucred->uc_cap.cap[0] = pud->pud_cap;
+
ucred->uc_fsuid = pud->pud_fsuid;
ucred->uc_fsgid = pud->pud_fsgid;
if (nodemap->nmf_deny_unknown)
RETURN(-EACCES);
- uc->uc_cap = 0;
+ uc->uc_cap = CAP_EMPTY_SET;
uc->uc_suppgids[0] = -1;
uc->uc_suppgids[1] = -1;
}
identity = mdt_identity_get(mdt->mdt_identity_cache,
uc->uc_fsuid);
if (IS_ERR(identity)) {
- kernel_cap_t kcap = cap_combine(CAP_FS_SET,
- CAP_NFSD_SET);
- u32 cap_mask = kcap.cap[0];
-
if (unlikely(PTR_ERR(identity) == -EREMCHG ||
- uc->uc_cap & cap_mask)) {
+ cap_raised(uc->uc_cap,
+ CAP_DAC_READ_SEARCH))) {
identity = NULL;
} else {
CDEBUG(D_SEC, "Deny access without identity: "
uc->uc_suppgids[0] = body->mbo_suppgid;
uc->uc_suppgids[1] = -1;
uc->uc_ginfo = NULL;
- uc->uc_cap = body->mbo_capability;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = body->mbo_capability;
rc = old_init_ucred_common(info, nodemap);
nodemap_putref(nodemap);
/* LU-5564: for normal close request, skip permission check */
if (lustre_msg_get_opc(req->rq_reqmsg) == MDS_CLOSE &&
!(ma->ma_attr_flags & (MDS_HSM_RELEASE | MDS_CLOSE_LAYOUT_SWAP))) {
- kernel_cap_t kcap = { { uc->uc_cap, } };
-
- kcap = cap_raise_nfsd_set(kcap, CAP_FULL_SET);
- kcap = cap_raise_fs_set(kcap, CAP_FULL_SET);
- uc->uc_cap = kcap.cap[0];
+ cap_raise_nfsd_set(uc->uc_cap, CAP_FULL_SET);
+ cap_raise_fs_set(uc->uc_cap, CAP_FULL_SET);
}
mdt_exit_ucred(info);
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->sa_fsuid;
uc->uc_fsgid = rec->sa_fsgid;
- uc->uc_cap = rec->sa_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->sa_cap;
uc->uc_suppgids[0] = rec->sa_suppgid;
uc->uc_suppgids[1] = -1;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->cr_fsuid;
uc->uc_fsgid = rec->cr_fsgid;
- uc->uc_cap = rec->cr_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->cr_cap;
uc->uc_suppgids[0] = rec->cr_suppgid1;
uc->uc_suppgids[1] = -1;
uc->uc_umask = rec->cr_umask;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->lk_fsuid;
uc->uc_fsgid = rec->lk_fsgid;
- uc->uc_cap = rec->lk_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->lk_cap;
uc->uc_suppgids[0] = rec->lk_suppgid1;
uc->uc_suppgids[1] = rec->lk_suppgid2;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->ul_fsuid;
uc->uc_fsgid = rec->ul_fsgid;
- uc->uc_cap = rec->ul_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->ul_cap;
uc->uc_suppgids[0] = rec->ul_suppgid1;
uc->uc_suppgids[1] = -1;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->rn_fsuid;
uc->uc_fsgid = rec->rn_fsgid;
- uc->uc_cap = rec->rn_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->rn_cap;
uc->uc_suppgids[0] = rec->rn_suppgid1;
uc->uc_suppgids[1] = rec->rn_suppgid2;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->rn_fsuid;
uc->uc_fsgid = rec->rn_fsgid;
- uc->uc_cap = rec->rn_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->rn_cap;
uc->uc_suppgids[0] = rec->rn_suppgid1;
uc->uc_suppgids[1] = rec->rn_suppgid2;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->cr_fsuid;
uc->uc_fsgid = rec->cr_fsgid;
- uc->uc_cap = rec->cr_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->cr_cap;
uc->uc_suppgids[0] = rec->cr_suppgid1;
uc->uc_suppgids[1] = rec->cr_suppgid2;
uc->uc_umask = rec->cr_umask;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->sx_fsuid;
uc->uc_fsgid = rec->sx_fsgid;
- uc->uc_cap = rec->sx_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->sx_cap;
uc->uc_suppgids[0] = rec->sx_suppgid1;
uc->uc_suppgids[1] = -1;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->rs_fsuid;
uc->uc_fsgid = rec->rs_fsgid;
- uc->uc_cap = rec->rs_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->rs_cap;
rr->rr_fid1 = &rec->rs_fid;
rr->rr_mirror_id = rec->rs_mirror_id;
.ln_namelen = sizeof("i_am_nobody") - 1,
};
struct lu_ucred *uc;
- cfs_cap_t uc_cap_save;
+ kernel_cap_t uc_cap_save;
int rc;
ENTRY;
uc = lu_ucred(env);
uc_cap_save = uc->uc_cap;
- uc->uc_cap |= BIT(CAP_DAC_OVERRIDE);
+ cap_raise(uc->uc_cap, CAP_DAC_OVERRIDE);
rc = mdo_create(env, mdt_object_child(local_root), &lname,
mdt_object_child(obj), spec, attr);
uc->uc_cap = uc_cap_save;
struct mdt_object *orphan;
struct md_attr *orp_ma;
struct lu_buf *buf;
- cfs_cap_t cap;
+ kernel_cap_t cap;
bool lease_broken;
int rc;
int rc2;
/* The orphan has root ownership so we need to raise
* CAP_FOWNER to set the HSM attributes. */
cap = uc->uc_cap;
- uc->uc_cap |= MD_CAP_TO_MASK(CAP_FOWNER);
+ cap_raise(uc->uc_cap, CAP_FOWNER);
rc = mo_xattr_set(info->mti_env, mdt_object_child(orphan), buf,
XATTR_NAME_HSM, 0);
uc->uc_cap = cap;
LMV_HASH_TYPE_CRUSH)
RETURN(-EPROTO);
- if (!md_capable(uc, CAP_SYS_ADMIN) &&
+ if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN) &&
uc->uc_gid != mdt->mdt_enable_remote_dir_gid &&
mdt->mdt_enable_remote_dir_gid != -1)
RETURN(-EPERM);
struct md_attr *ma)
{
struct lu_ucred *uc = mdt_ucred(info);
- cfs_cap_t cap_saved;
+ kernel_cap_t cap_saved;
int rc;
ENTRY;
* set the HSM state to dirty.
*/
cap_saved = uc->uc_cap;
- uc->uc_cap |= MD_CAP_TO_MASK(CAP_FOWNER);
+ cap_raise(uc->uc_cap, CAP_FOWNER);
rc = mdt_hsm_attr_set(info, mo, &ma->ma_hsm);
uc->uc_cap = cap_saved;
if (rc)
!mdt->mdt_enable_striped_dir)
GOTO(out_put, rc = -EPERM);
- if (!md_capable(uc, CAP_SYS_ADMIN) &&
+ if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN) &&
uc->uc_gid != mdt->mdt_enable_remote_dir_gid &&
mdt->mdt_enable_remote_dir_gid != -1)
GOTO(out_put, rc = -EPERM);
/* Return -ENOTSUPP for old client */
GOTO(put_child, rc = -ENOTSUPP);
- if (!md_capable(uc, CAP_SYS_ADMIN))
+ if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN))
GOTO(put_child, rc = -EPERM);
ma->ma_need = MA_INODE;
if (!mdt->mdt_enable_remote_dir || !mdt->mdt_enable_dir_migration)
RETURN(-EPERM);
- if (uc && !md_capable(uc, CAP_SYS_ADMIN) &&
+ if (uc && !cap_raised(uc->uc_cap, CAP_SYS_ADMIN) &&
uc->uc_gid != mdt->mdt_enable_remote_dir_gid &&
mdt->mdt_enable_remote_dir_gid != -1)
RETURN(-EPERM);
int mdt_restriper_start(struct mdt_device *mdt)
{
struct mdt_dir_restriper *restriper = &mdt->mdt_restriper;
- kernel_cap_t kcap = cap_combine(CAP_FS_SET, CAP_NFSD_SET);
struct task_struct *task;
struct mdt_thread_info *info;
struct lu_ucred *uc;
uc->uc_fsgid = 0;
uc->uc_suppgids[0] = -1;
uc->uc_suppgids[1] = -1;
- uc->uc_cap = kcap.cap[0];
+ uc->uc_cap = cap_combine(CAP_FS_SET, CAP_NFSD_SET);
uc->uc_umask = 0644;
uc->uc_ginfo = NULL;
uc->uc_identity = NULL;
if (!mdt->mdt_enable_dir_migration)
RETURN(-EPERM);
- if (!md_capable(uc, CAP_SYS_ADMIN) &&
+ if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN) &&
uc->uc_gid != mdt->mdt_enable_remote_dir_gid &&
mdt->mdt_enable_remote_dir_gid != -1)
RETURN(-EPERM);
}
}
- if (!md_capable(mdt_ucred(info), CAP_SYS_ADMIN))
+ if (!cap_raised(mdt_ucred(info)->uc_cap, CAP_SYS_ADMIN))
GOTO(out, rc = -EPERM);
if (strcmp(xattr_name, XATTR_NAME_LOV) == 0 ||
from_kuid(&init_user_ns, current_fsuid());
ucred->uc_fsgid = ucred->uc_o_fsgid =
from_kgid(&init_user_ns, current_fsgid());
- ucred->uc_cap = cfs_curproc_cap_pack();
+ ucred->uc_cap = current_cap();
/* remove fs privilege for non-root user. */
if (ucred->uc_fsuid) {
kcap = cap_drop_nfsd_set(kcap);
kcap = cap_drop_fs_set(kcap);
}
- ucred->uc_cap = kcap.cap[0];
+ ucred->uc_cap = kcap;
ucred->uc_valid = UCRED_NEW;
}
b->mbo_gid = from_kgid(&init_user_ns, current_gid());
b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid());
b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid());
- b->mbo_capability = cfs_curproc_cap_pack();
+ b->mbo_capability = current_cap().cap[0];
}
#endif /* PTLRPC_INTERNAL_H */
pud->pud_gid = from_kgid(&init_user_ns, current_gid());
pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid());
pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid());
- pud->pud_cap = cfs_curproc_cap_pack();
+ pud->pud_cap = current_cap().cap[0];
pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
task_lock(current);