Quoting Stephen Rothwell ([email protected]): > Hi Serge, > > On Wed, 28 Oct 2009 09:02:36 -0500 "Serge E. Hallyn" <[email protected]> wrote: > > > > [ Are there any objections to exporting securebits.h? If not, > > can this patch be pushed to linux-next? ] > > I am not sure which tree this belongs in? Maybe security-testing (James > cc'd)?
I don't know why that didn't occur to me! Thanks, I'll pursue that :) > > diff --git a/include/linux/securebits.h b/include/linux/securebits.h > > index d2c5ed8..9ad109e 100644 > > --- a/include/linux/securebits.h > > +++ b/include/linux/securebits.h > > @@ -1,6 +1,13 @@ > > #ifndef _LINUX_SECUREBITS_H > > #define _LINUX_SECUREBITS_H 1 > > > > +/* Each securesetting is implemented using two bits. One bit specifies > > + whether the setting is on or off. The other bit specify whether the > > + setting is locked or not. A setting which is locked cannot be > > + changed from user-level. */ > > +#define issecure_mask(X) (1 << (X)) > > +#define issecure(X) (issecure_mask(X) & > > current_cred_xxx(securebits)) > > You want this second define protected by ifdef __KERNEL__ ... True, userspace doesn't need to see those. Will sanitize and resend. thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
