Commit 4b09791b authored by Ondrej Mosnáček's avatar Ondrej Mosnáček Committed by Paul Moore
Browse files

cred: conditionally declare groups-related functions 

The groups-related functions declared in include/linux/cred.h are
defined in kernel/groups.c, which is compiled only when
CONFIG_MULTIUSER=y. Move all these function declarations under #ifdef
CONFIG_MULTIUSER to help avoid accidental usage in contexts where
CONFIG_MULTIUSER might be disabled.

This patch also adds a fallback for groups_search(). Currently this
function is only called from kernel/groups.c itself and
security/keys/permissions.c, where the call is (by coincidence)
optimized away in case CONFIG_MULTIUSER=n. However, the audit subsystem
(which does not depend on CONFIG_MULTIUSER) calls this function in
-next, so the fallback will be needed to avoid compilation errors or
ugly workarounds.

See also:
https://lkml.org/lkml/2018/6/20/670
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git/commit/?h=next&id=af85d1772e31fed34165a1b3decef340cf4080c0



Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
Tested-by: default avatarRandy Dunlap <rdunlap@infradead.org>
Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent f7859590

include/linux/cred.h

+10 −5
Original line number Diff line number Diff line
@@ -65,6 +65,12 @@ extern void groups_free(struct group_info *); 


extern int in_group_p(kgid_t);

extern int in_egroup_p(kgid_t);

extern int groups_search(const struct group_info *, kgid_t);



extern int set_current_groups(struct group_info *);

extern void set_groups(struct cred *, struct group_info *);

extern bool may_setgroups(void);

extern void groups_sort(struct group_info *);

#else

static inline void groups_free(struct group_info *group_info)

{
@@ -78,12 +84,11 @@ static inline int in_egroup_p(kgid_t grp) 
{

        return 1;

}

static inline int groups_search(const struct group_info *group_info, kgid_t grp)

{

	return 1;

}

#endif

extern int set_current_groups(struct group_info *);

extern void set_groups(struct cred *, struct group_info *);

extern int groups_search(const struct group_info *, kgid_t);

extern bool may_setgroups(void);

extern void groups_sort(struct group_info *);



/*

 * The security context of a task

CRA Git | Maintained and supported by SUSTech CRA and CCSE