From a076975f9fed44e2b3a8b516aa7fe2ee6fbdb2bb Mon Sep 17 00:00:00 2001 From: "Mr. NeilBrown" Date: Thu, 10 Sep 2020 09:49:30 -0400 Subject: [PATCH] LU-9859 libcfs: replace all CFS_CAP_* macros with CAP_* Lustre defines a few CFS_CAP_* macros which are exactly the same as the corresponding CAP_* macro, with one exception. CFS_CAP_SYS_BOOT is 23 CAP_SYS_BOOT is 22. CFS_CAP_SYS_BOOT is only used through CFS_CAP_FS_MASK and causes capability 23 (CAP_SYS_NICE) to be dropped in certain circumstances. It is probable that the intention was to drop CAP_SYS_BOOT, and this is what is now done. CFS_CAP_CHOWN_MASK and CFS_CAP_SYS_RESOURCE_MASK are never used, so they have been removed. Linux-commit: 5ebaa2d14850205e44757c4d5fdd4097712d01ef Change-Id: Ifb90c0a36e204c76b90ff23ac609345d11b878da Signed-off-by: Mr. NeilBrown Signed-off-by: Greg Kroah-Hartman Reviewed-on: https://review.whamcloud.com/39875 Reviewed-by: Oleg Drokin Tested-by: Oleg Drokin --- libcfs/include/libcfs/curproc.h | 28 +++++++++------------------- lustre/llite/dir.c | 8 ++++---- lustre/llite/file.c | 6 +++--- lustre/llite/llite_lib.c | 4 ++-- lustre/llite/xattr.c | 2 +- lustre/mdd/mdd_dir.c | 4 ++-- lustre/mdd/mdd_object.c | 20 ++++++++++---------- lustre/mdd/mdd_permission.c | 6 +++--- lustre/mdd/mdd_trans.c | 2 +- lustre/mdt/mdt_handler.c | 2 +- lustre/mdt/mdt_hsm.c | 4 ++-- lustre/mdt/mdt_hsm_cdt_client.c | 4 ++-- lustre/mdt/mdt_internal.h | 2 +- lustre/mdt/mdt_open.c | 4 ++-- lustre/mdt/mdt_reint.c | 10 +++++----- lustre/mdt/mdt_xattr.c | 4 ++-- lustre/obdclass/class_obd.c | 2 +- lustre/obdecho/echo_client.c | 12 ++++++------ lustre/osc/osc_io.c | 2 +- 19 files changed, 58 insertions(+), 68 deletions(-) diff --git a/libcfs/include/libcfs/curproc.h b/libcfs/include/libcfs/curproc.h index cf2be32..ac947e8 100644 --- a/libcfs/include/libcfs/curproc.h +++ b/libcfs/include/libcfs/curproc.h @@ -41,25 +41,15 @@ typedef __u32 cfs_cap_t; -#define CFS_CAP_CHOWN 0 -#define CFS_CAP_DAC_OVERRIDE 1 -#define CFS_CAP_DAC_READ_SEARCH 2 -#define CFS_CAP_FOWNER 3 -#define CFS_CAP_FSETID 4 -#define CFS_CAP_LINUX_IMMUTABLE 9 -#define CFS_CAP_SYS_ADMIN 21 -#define CFS_CAP_SYS_BOOT 23 -#define CFS_CAP_SYS_RESOURCE 24 - -#define CFS_CAP_FS_MASK (BIT(CFS_CAP_CHOWN) | \ - BIT(CFS_CAP_DAC_OVERRIDE) | \ - BIT(CFS_CAP_DAC_READ_SEARCH) | \ - BIT(CFS_CAP_FOWNER) | \ - BIT(CFS_CAP_FSETID ) | \ - BIT(CFS_CAP_LINUX_IMMUTABLE) | \ - BIT(CFS_CAP_SYS_ADMIN) | \ - BIT(CFS_CAP_SYS_BOOT) | \ - BIT(CFS_CAP_SYS_RESOURCE)) +#define CFS_CAP_FS_MASK (BIT(CAP_CHOWN) | \ + BIT(CAP_DAC_OVERRIDE) | \ + BIT(CAP_DAC_READ_SEARCH) | \ + BIT(CAP_FOWNER) | \ + BIT(CAP_FSETID) | \ + BIT(CAP_LINUX_IMMUTABLE) | \ + BIT(CAP_SYS_ADMIN) | \ + BIT(CAP_SYS_BOOT) | \ + BIT(CAP_SYS_RESOURCE)) cfs_cap_t cfs_curproc_cap_pack(void); void cfs_curproc_cap_unpack(cfs_cap_t cap); diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c index a57a11b..56d70d9 100644 --- a/lustre/llite/dir.c +++ b/lustre/llite/dir.c @@ -1142,14 +1142,14 @@ int quotactl_ioctl(struct ll_sb_info *sbi, struct if_quotactl *qctl) case LUSTRE_Q_SETDEFAULT: case LUSTRE_Q_SETQUOTAPOOL: case LUSTRE_Q_SETINFOPOOL: - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) RETURN(-EPERM); break; case Q_GETQUOTA: case LUSTRE_Q_GETDEFAULT: case LUSTRE_Q_GETQUOTAPOOL: if (check_owner(type, id) && - (!cfs_capable(CFS_CAP_SYS_ADMIN))) + (!cfs_capable(CAP_SYS_ADMIN))) RETURN(-EPERM); break; case Q_GETINFO: @@ -1278,7 +1278,7 @@ int ll_rmfid(struct file *file, void __user *arg) int i, rc, *rcs = NULL; ENTRY; - if (!cfs_capable(CFS_CAP_DAC_READ_SEARCH) && + if (!cfs_capable(CAP_DAC_READ_SEARCH) && !(ll_i2sbi(file_inode(file))->ll_flags & LL_SBI_USER_FID2PATH)) RETURN(-EPERM); /* Only need to get the buflen */ @@ -2048,7 +2048,7 @@ out_hur: RETURN(rc); } case LL_IOC_HSM_CT_START: - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) RETURN(-EPERM); rc = copy_and_ct_start(cmd, sbi->ll_md_exp, diff --git a/lustre/llite/file.c b/lustre/llite/file.c index 092c42d..540bd2f 100644 --- a/lustre/llite/file.c +++ b/lustre/llite/file.c @@ -2243,7 +2243,7 @@ static int ll_lov_setea(struct inode *inode, struct file *file, int rc; ENTRY; - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) RETURN(-EPERM); OBD_ALLOC_LARGE(lump, lum_size); @@ -2565,7 +2565,7 @@ int ll_fid2path(struct inode *inode, void __user *arg) ENTRY; - if (!cfs_capable(CFS_CAP_DAC_READ_SEARCH) && + if (!cfs_capable(CAP_DAC_READ_SEARCH) && !(ll_i2sbi(inode)->ll_flags & LL_SBI_USER_FID2PATH)) RETURN(-EPERM); @@ -2853,7 +2853,7 @@ int ll_hsm_state_set(struct inode *inode, struct hsm_state_set *hss) /* Non-root users are forbidden to set or clear flags which are * NOT defined in HSM_USER_MASK. */ if (((hss->hss_setmask | hss->hss_clearmask) & ~HSM_USER_MASK) && - !cfs_capable(CFS_CAP_SYS_ADMIN)) + !cfs_capable(CAP_SYS_ADMIN)) RETURN(-EPERM); if (!exp_connect_archive_id_array(exp)) { diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index 1f094ce..7c78279 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -2051,7 +2051,7 @@ int ll_setattr_raw(struct dentry *dentry, struct iattr *attr, /* POSIX: check before ATTR_*TIME_SET set (from inode_change_ok) */ if (attr->ia_valid & TIMES_SET_FLAGS) { if ((!uid_eq(current_fsuid(), inode->i_uid)) && - !cfs_capable(CFS_CAP_FOWNER)) + !cfs_capable(CAP_FOWNER)) RETURN(-EPERM); } @@ -3391,7 +3391,7 @@ int ll_getparent(struct file *file, struct getparent __user *arg) ENTRY; - if (!cfs_capable(CFS_CAP_DAC_READ_SEARCH) && + if (!cfs_capable(CAP_DAC_READ_SEARCH) && !(ll_i2sbi(inode)->ll_flags & LL_SBI_USER_FID2PATH)) RETURN(-EPERM); diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c index c5eff78..e23c47f 100644 --- a/lustre/llite/xattr.c +++ b/lustre/llite/xattr.c @@ -86,7 +86,7 @@ static int xattr_type_filter(struct ll_sb_info *sbi, return -EOPNOTSUPP; if (handler->flags == XATTR_TRUSTED_T && - !capable(CFS_CAP_SYS_ADMIN)) + !capable(CAP_SYS_ADMIN)) return -EPERM; return 0; diff --git a/lustre/mdd/mdd_dir.c b/lustre/mdd/mdd_dir.c index c0e27bf..c0cbf55 100644 --- a/lustre/mdd/mdd_dir.c +++ b/lustre/mdd/mdd_dir.c @@ -511,7 +511,7 @@ static inline int mdd_is_sticky(const struct lu_env *env, if (cattr->la_uid == uc->uc_fsuid) return 0; - return !md_capable(uc, CFS_CAP_FOWNER); + return !md_capable(uc, CAP_FOWNER); } static int mdd_may_delete_entry(const struct lu_env *env, @@ -2092,7 +2092,7 @@ static int mdd_create_sanity_check(const struct lu_env *env, !lustre_in_group_p(uc, (cattr->la_valid & LA_GID) ? cattr->la_gid : pattr->la_gid) && - !md_capable(uc, CFS_CAP_FSETID)) { + !md_capable(uc, CAP_FSETID)) { cattr->la_mode &= ~S_ISGID; cattr->la_valid |= LA_MODE; } diff --git a/lustre/mdd/mdd_object.c b/lustre/mdd/mdd_object.c index 6c6afbf..eab0991 100644 --- a/lustre/mdd/mdd_object.c +++ b/lustre/mdd/mdd_object.c @@ -685,7 +685,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, RETURN(0); if (is_project_state_change(oattr, la)) { - if (!md_capable(uc, CFS_CAP_SYS_RESOURCE) && + if (!md_capable(uc, CAP_SYS_RESOURCE) && !lustre_in_group_p(uc, ma->ma_enable_chprojid_gid) && !(ma->ma_enable_chprojid_gid == -1 && mdd_permission_internal(env, obj, oattr, MAY_WRITE))) @@ -727,13 +727,13 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, (LUSTRE_IMMUTABLE_FL | LUSTRE_APPEND_FL); if ((uc->uc_fsuid != oattr->la_uid) && - !md_capable(uc, CFS_CAP_FOWNER)) + !md_capable(uc, CAP_FOWNER)) RETURN(-EPERM); /* The IMMUTABLE and APPEND_ONLY flags can * only be changed by the relevant capability. */ if ((oldflags ^ newflags) && - !md_capable(uc, CFS_CAP_LINUX_IMMUTABLE)) + !md_capable(uc, CAP_LINUX_IMMUTABLE)) RETURN(-EPERM); if (!S_ISDIR(oattr->la_mode)) { @@ -758,7 +758,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, if ((la->la_valid & (LA_MTIME | LA_ATIME | LA_CTIME)) && !(la->la_valid & ~(LA_MTIME | LA_ATIME | LA_CTIME))) { if ((uc->uc_fsuid != oattr->la_uid) && - !md_capable(uc, CFS_CAP_FOWNER)) { + !md_capable(uc, CAP_FOWNER)) { rc = mdd_permission_internal(env, obj, oattr, MAY_WRITE); if (rc) @@ -791,7 +791,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, if (la->la_valid & LA_MODE) { if (!(flags & MDS_PERM_BYPASS) && (uc->uc_fsuid != oattr->la_uid) && - !md_capable(uc, CFS_CAP_FOWNER)) + !md_capable(uc, CAP_FOWNER)) RETURN(-EPERM); if (la->la_mode == (umode_t) -1) @@ -803,7 +803,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, /* Also check the setgid bit! */ if (!lustre_in_group_p(uc, (la->la_valid & LA_GID) ? la->la_gid : oattr->la_gid) && - !md_capable(uc, CFS_CAP_FSETID)) + !md_capable(uc, CAP_FSETID)) la->la_mode &= ~S_ISGID; } else { la->la_mode = oattr->la_mode; @@ -815,7 +815,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, la->la_uid = oattr->la_uid; if (((uc->uc_fsuid != oattr->la_uid) || (la->la_uid != oattr->la_uid)) && - !md_capable(uc, CFS_CAP_CHOWN)) + !md_capable(uc, CAP_CHOWN)) RETURN(-EPERM); /* If the user or group of a non-directory has been @@ -841,7 +841,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, if (((uc->uc_fsuid != oattr->la_uid) || ((la->la_gid != oattr->la_gid) && !lustre_in_group_p(uc, la->la_gid))) && - !md_capable(uc, CFS_CAP_CHOWN)) + !md_capable(uc, CAP_CHOWN)) RETURN(-EPERM); /* Likewise, if the user or group of a non-directory @@ -1352,11 +1352,11 @@ static int mdd_xattr_sanity_check(const struct lu_env *env, * can write attributes. */ if (S_ISDIR(attr->la_mode) && (attr->la_mode & S_ISVTX) && (uc->uc_fsuid != attr->la_uid) && - !md_capable(uc, CFS_CAP_FOWNER)) + !md_capable(uc, CAP_FOWNER)) RETURN(-EPERM); } else if (strcmp(name, XATTR_NAME_SOM) != 0 && (uc->uc_fsuid != attr->la_uid) && - !md_capable(uc, CFS_CAP_FOWNER)) { + !md_capable(uc, CAP_FOWNER)) { RETURN(-EPERM); } diff --git a/lustre/mdd/mdd_permission.c b/lustre/mdd/mdd_permission.c index 148c120..f230845 100644 --- a/lustre/mdd/mdd_permission.c +++ b/lustre/mdd/mdd_permission.c @@ -304,12 +304,12 @@ int __mdd_permission_internal(const struct lu_env *env, struct mdd_object *obj, check_capabilities: if (!(mask & MAY_EXEC) || (la->la_mode & S_IXUGO) || S_ISDIR(la->la_mode)) - if (md_capable(uc, CFS_CAP_DAC_OVERRIDE)) + if (md_capable(uc, CAP_DAC_OVERRIDE)) RETURN(0); if ((mask == MAY_READ) || (S_ISDIR(la->la_mode) && !(mask & MAY_WRITE))) - if (md_capable(uc, CFS_CAP_DAC_READ_SEARCH)) + if (md_capable(uc, CAP_DAC_READ_SEARCH)) RETURN(0); CDEBUG(D_SEC, "permission denied, mode %x, fsuid %u, uid %u\n", @@ -352,7 +352,7 @@ int mdd_permission(const struct lu_env *env, struct md_object *pobj, uc = lu_ucred_assert(env); if (cattr->la_uid != uc->uc_fsuid && - !md_capable(uc, CFS_CAP_FOWNER)) + !md_capable(uc, CAP_FOWNER)) rc = -EPERM; } diff --git a/lustre/mdd/mdd_trans.c b/lustre/mdd/mdd_trans.c index 8fe9361..27f775d 100644 --- a/lustre/mdd/mdd_trans.c +++ b/lustre/mdd/mdd_trans.c @@ -62,7 +62,7 @@ struct thandle *mdd_trans_create(const struct lu_env *env, th = mdd_child_ops(mdd)->dt_trans_create(env, mdd->mdd_child); if (!IS_ERR(th) && uc) - th->th_ignore_quota = !!md_capable(uc, CFS_CAP_SYS_RESOURCE); + th->th_ignore_quota = !!md_capable(uc, CAP_SYS_RESOURCE); return th; } diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index 8576a71..ced2362 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -2295,7 +2295,7 @@ static int mdt_rmfid_check_permission(struct mdt_thread_info *info, if (la->la_flags & LUSTRE_IMMUTABLE_FL) rc = -EACCES; - if (md_capable(uc, CFS_CAP_DAC_OVERRIDE)) + if (md_capable(uc, CAP_DAC_OVERRIDE)) RETURN(0); if (uc->uc_fsuid == la->la_uid) { if ((la->la_mode & S_IWUSR) == 0) diff --git a/lustre/mdt/mdt_hsm.c b/lustre/mdt/mdt_hsm.c index 92b842a..84b7c2f 100644 --- a/lustre/mdt/mdt_hsm.c +++ b/lustre/mdt/mdt_hsm.c @@ -91,7 +91,7 @@ static inline bool mdt_hsm_is_admin(struct mdt_thread_info *info) if (rc < 0) return false; - is_admin = md_capable(mdt_ucred(info), CFS_CAP_SYS_ADMIN); + is_admin = md_capable(mdt_ucred(info), CAP_SYS_ADMIN); mdt_exit_ucred(info); @@ -318,7 +318,7 @@ int mdt_hsm_state_set(struct tgt_session_info *tsi) /* Non-root users are forbidden to set or clear flags which are * NOT defined in HSM_USER_MASK. */ if (((hss->hss_setmask | hss->hss_clearmask) & ~HSM_USER_MASK) && - !md_capable(mdt_ucred(info), CFS_CAP_SYS_ADMIN)) { + !md_capable(mdt_ucred(info), CAP_SYS_ADMIN)) { CDEBUG(D_HSM, "Incompatible masks provided (set %#llx" ", clear %#llx) vs unprivileged set (%#x).\n", hss->hss_setmask, hss->hss_clearmask, HSM_USER_MASK); diff --git a/lustre/mdt/mdt_hsm_cdt_client.c b/lustre/mdt/mdt_hsm_cdt_client.c index 5cc2c35..12ec150 100644 --- a/lustre/mdt/mdt_hsm_cdt_client.c +++ b/lustre/mdt/mdt_hsm_cdt_client.c @@ -239,7 +239,7 @@ hsm_action_permission(struct mdt_thread_info *mti, if (hsma != HSMA_RESTORE && mdt_rdonly(mti->mti_exp)) RETURN(-EROFS); - if (md_capable(uc, CFS_CAP_SYS_ADMIN)) + if (md_capable(uc, CAP_SYS_ADMIN)) RETURN(0); ma->ma_need = MA_INODE; @@ -313,7 +313,7 @@ static int mdt_hsm_register_hal(struct mdt_thread_info *mti, /* In case of REMOVE and CANCEL a Lustre file * is not mandatory, but restrict this * exception to admins. */ - if (md_capable(mdt_ucred(mti), CFS_CAP_SYS_ADMIN) && + if (md_capable(mdt_ucred(mti), CAP_SYS_ADMIN) && (hai->hai_action == HSMA_REMOVE || hai->hai_action == HSMA_CANCEL)) goto record; diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h index 15ad740..98cbfee 100644 --- a/lustre/mdt/mdt_internal.h +++ b/lustre/mdt/mdt_internal.h @@ -1414,7 +1414,7 @@ static inline bool mdt_is_rootadmin(struct mdt_thread_info *info) uc = mdt_ucred(info); is_admin = (uc->uc_uid == 0 && uc->uc_gid == 0 && - md_capable(uc, CFS_CAP_SYS_ADMIN)); + md_capable(uc, CAP_SYS_ADMIN)); mdt_exit_ucred(info); diff --git a/lustre/mdt/mdt_open.c b/lustre/mdt/mdt_open.c index ef12eb1..837323e 100644 --- a/lustre/mdt/mdt_open.c +++ b/lustre/mdt/mdt_open.c @@ -1695,7 +1695,7 @@ static struct mdt_object *mdt_orphan_open(struct mdt_thread_info *info, uc = lu_ucred(env); uc_cap_save = uc->uc_cap; - uc->uc_cap |= BIT(CFS_CAP_DAC_OVERRIDE); + uc->uc_cap |= BIT(CAP_DAC_OVERRIDE); rc = mdo_create(env, mdt_object_child(local_root), &lname, mdt_object_child(obj), spec, attr); uc->uc_cap = uc_cap_save; @@ -1967,7 +1967,7 @@ static int mdt_hsm_release(struct mdt_thread_info *info, struct mdt_object *o, /* The orphan has root ownership so we need to raise * CAP_FOWNER to set the HSM attributes. */ cap = uc->uc_cap; - uc->uc_cap |= MD_CAP_TO_MASK(CFS_CAP_FOWNER); + uc->uc_cap |= MD_CAP_TO_MASK(CAP_FOWNER); rc = mo_xattr_set(info->mti_env, mdt_object_child(orphan), buf, XATTR_NAME_HSM, 0); uc->uc_cap = cap; diff --git a/lustre/mdt/mdt_reint.c b/lustre/mdt/mdt_reint.c index f6c2e0b..a06ccef 100644 --- a/lustre/mdt/mdt_reint.c +++ b/lustre/mdt/mdt_reint.c @@ -526,7 +526,7 @@ static int mdt_create(struct mdt_thread_info *info) LMV_HASH_TYPE_CRUSH) RETURN(-EPROTO); - if (!md_capable(uc, CFS_CAP_SYS_ADMIN) && + if (!md_capable(uc, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) RETURN(-EPERM); @@ -769,7 +769,7 @@ int mdt_add_dirty_flag(struct mdt_thread_info *info, struct mdt_object *mo, * set the HSM state to dirty. */ cap_saved = uc->uc_cap; - uc->uc_cap |= MD_CAP_TO_MASK(CFS_CAP_FOWNER); + uc->uc_cap |= MD_CAP_TO_MASK(CAP_FOWNER); rc = mdt_hsm_attr_set(info, mo, &ma->ma_hsm); uc->uc_cap = cap_saved; if (rc) @@ -906,7 +906,7 @@ static int mdt_reint_setattr(struct mdt_thread_info *info, !mdt->mdt_enable_striped_dir) GOTO(out_put, rc = -EPERM); - if (!md_capable(uc, CFS_CAP_SYS_ADMIN) && + if (!md_capable(uc, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) GOTO(out_put, rc = -EPERM); @@ -1139,7 +1139,7 @@ relock: /* Return -ENOTSUPP for old client */ GOTO(put_child, rc = -ENOTSUPP); - if (!md_capable(uc, CFS_CAP_SYS_ADMIN)) + if (!md_capable(uc, CAP_SYS_ADMIN)) GOTO(put_child, rc = -EPERM); ma->ma_need = MA_INODE; @@ -2176,7 +2176,7 @@ int mdt_reint_migrate(struct mdt_thread_info *info, if (!mdt->mdt_enable_remote_dir || !mdt->mdt_enable_dir_migration) RETURN(-EPERM); - if (uc && !md_capable(uc, CFS_CAP_SYS_ADMIN) && + if (uc && !md_capable(uc, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) RETURN(-EPERM); diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c index 7d78be8..cc7804f 100644 --- a/lustre/mdt/mdt_xattr.c +++ b/lustre/mdt/mdt_xattr.c @@ -347,7 +347,7 @@ int mdt_dir_layout_update(struct mdt_thread_info *info) if (!mdt->mdt_enable_dir_migration) RETURN(-EPERM); - if (!md_capable(uc, CFS_CAP_SYS_ADMIN) && + if (!md_capable(uc, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) RETURN(-EPERM); @@ -577,7 +577,7 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, } } - if (!md_capable(mdt_ucred(info), CFS_CAP_SYS_ADMIN)) + if (!md_capable(mdt_ucred(info), CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); if (strcmp(xattr_name, XATTR_NAME_LOV) == 0 || diff --git a/lustre/obdclass/class_obd.c b/lustre/obdclass/class_obd.c index 9b34434..6a9dc6c 100644 --- a/lustre/obdclass/class_obd.c +++ b/lustre/obdclass/class_obd.c @@ -484,7 +484,7 @@ static long obd_class_ioctl(struct file *filp, unsigned int cmd, ENTRY; /* Allow non-root access for some limited ioctls */ - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) RETURN(err = -EACCES); if ((cmd & 0xffffff00) == ((int)'T') << 8) /* ignore all tty ioctls */ diff --git a/lustre/obdecho/echo_client.c b/lustre/obdecho/echo_client.c index a7d3bd4..b9da619 100644 --- a/lustre/obdecho/echo_client.c +++ b/lustre/obdecho/echo_client.c @@ -2842,7 +2842,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp, int len, switch (cmd) { case OBD_IOC_CREATE: /* may create echo object */ - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); rc = echo_create_object(env, ed, oa); @@ -2856,7 +2856,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp, int len, int dirlen; __u64 id; - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); count = data->ioc_count; @@ -2881,7 +2881,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp, int len, __u64 seq; int max_count; - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); rc = seq_client_get_seq(env, ed->ed_cl_seq, &seq); @@ -2902,7 +2902,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp, int len, } #endif /* HAVE_SERVER_SUPPORT */ case OBD_IOC_DESTROY: - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); rc = echo_get_object(&eco, ed, oa); @@ -2923,7 +2923,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp, int len, GOTO(out, rc); case OBD_IOC_SETATTR: - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); rc = echo_get_object(&eco, ed, oa); @@ -2934,7 +2934,7 @@ echo_client_iocontrol(unsigned int cmd, struct obd_export *exp, int len, GOTO(out, rc); case OBD_IOC_BRW_WRITE: - if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + if (!cfs_capable(CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); rw = OBD_BRW_WRITE; diff --git a/lustre/osc/osc_io.c b/lustre/osc/osc_io.c index 9f964c1..9b67d4b 100644 --- a/lustre/osc/osc_io.c +++ b/lustre/osc/osc_io.c @@ -415,7 +415,7 @@ int osc_io_iter_init(const struct lu_env *env, const struct cl_io_slice *ios) } spin_unlock(&imp->imp_lock); - if (cfs_capable(CFS_CAP_SYS_RESOURCE)) + if (cfs_capable(CAP_SYS_RESOURCE)) oio->oi_cap_sys_resource = 1; RETURN(rc); -- 1.8.3.1