Add a no_file_caps boot option when file capabilities are
compiled into the kernel (CONFIG_SECURITY_FILE_CAPABILITIES=y).
This allows distributions to ship a kernel with file capabilities
compiled in, without forcing users to use (and understand and
trust) them.
When no_file_caps is specified at boot, then when a process executes
a file, any file capabilities stored with that file will not be
used in the calculation of the process' new capability sets.
This means that booting with the no_file_caps boot option will
not be the same as booting a kernel with file capabilities
compiled out - in particular a task with CAP_SETPCAP will not
have any chance of passing capabilities to another task (which
isn't "really" possible anyway, and which may soon be killed
altogether by David Howells in any case), and it will instead
be able to put new capabilities in its pI. However since fI
will always be empty and pI is masked with fI, it gains the
task nothing.
We also support the extra prctl options, setting securebits and
dropping capabilities from the per-process bounding set.
The other remaining difference is that killpriv, task_setscheduler,
setioprio, and setnice will continue to be hooked. That will
be noticeable in the case where a root task changed its uid
while keeping some caps, and another task owned by the new uid
tries to change settings for the more privileged task.
Changelog:
Nov 05 2008: (v4) trivial port on top of always-start-\
with-clear-caps patch
Sep 23 2008: nixed file_caps_enabled when file caps are
not compiled in as it isn't used.
Document no_file_caps in kernel-parameters.txt.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
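The effect described in the no_file_caps commit message above, as an added example that is not part of the patch or the kernel source: a simplified model of the exec-time capability transform for a non-root task, using the rule documented in capabilities(7). The struct and function names and the scenario are hypothetical; the model shows that a capability placed in pI yields nothing once fI is always empty.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit numbers as defined in <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_NET_RAW          13
#define CAP_BIT(n)           (UINT64_C(1) << (n))

struct task_caps { uint64_t inheritable, permitted, effective; };
struct file_caps { uint64_t inheritable, permitted; int effective; };

/* Simplified model (not kernel code) of exec for a non-root task:
 *   pI' = pI
 *   pP' = (pI & fI) | (fP & bounding set)
 *   pE' = fE ? pP' : 0
 * With no_file_caps the file's sets are never used, so they count as empty. */
struct task_caps exec_transform(struct task_caps old, struct file_caps f,
                                uint64_t bset, int no_file_caps)
{
    struct task_caps next;

    if (no_file_caps) {
        f.inheritable = 0;
        f.permitted = 0;
        f.effective = 0;
    }
    next.inheritable = old.inheritable;
    next.permitted = (old.inheritable & f.inheritable) | (f.permitted & bset);
    next.effective = f.effective ? next.permitted : 0;
    return next;
}

/* Constructed scenario: the task has already put CAP_NET_RAW into pI, and the
 * binary carries fI = CAP_NET_RAW, fP = CAP_NET_BIND_SERVICE, fE set. */
struct task_caps demo(int no_file_caps)
{
    struct task_caps t = { CAP_BIT(CAP_NET_RAW), 0, 0 };
    struct file_caps f = { CAP_BIT(CAP_NET_RAW), CAP_BIT(CAP_NET_BIND_SERVICE), 1 };

    return exec_transform(t, f, ~UINT64_C(0), no_file_caps);
}

int main(void)
{
    for (int off = 0; off <= 1; off++) {
        struct task_caps r = demo(off);
        printf("no_file_caps=%d pI'=%#llx pP'=%#llx pE'=%#llx\n", off,
               (unsigned long long)r.inheritable,
               (unsigned long long)r.permitted,
               (unsigned long long)r.effective);
    }
    return 0;
}
```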
* 'io-mappings-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
io mapping: clean up #ifdefs
io mapping: improve documentation
i915: use io-mapping interfaces instead of a variety of mapping kludges
resources: add io-mapping functions to dynamically map large device apertures
x86: add iomap_atomic*()/iounmap_atomic() on 32-bit using fixmaps
Impact: add new generic io_map_*() APIs
Graphics devices have large PCI apertures which would consume a significant
fraction of a 32-bit address space if mapped during driver initialization.
Using ioremap at runtime is impractical as it is too slow.
This new set of interfaces uses atomic mappings on 32-bit processors and a
large static mapping on 64-bit processors to provide reasonable 32-bit
performance and optimal 64-bit performance.
The current implementation sits atop the io_map_atomic fixmap-based
mechanism for 32-bit processors.
This includes some editorial suggestions from Randy Dunlap for
Documentation/io-mapping.txt
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
lguest: fix irq vectors.
lguest: fix early_ioremap.
lguest: fix example launcher compile after moved asm-x86 dir.
* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
sched: remove sched-design.txt from 00-INDEX
sched: change sched_debug's mode to 0444
* 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
ftrace: handle archs that do not support irqs_disabled_flags
Impact: build fix on non-lockdep architectures
Some architectures do not support a way to read the irq flags that
is set from "local_irq_save(flags)" to determine if interrupts were
disabled or enabled. Ftrace uses this information to display to the user
if the trace occurred with interrupts enabled or disabled.
Besides the fact that those archs that do not support this will fail to
compile, unless they fix it, we do not want to have the trace simply
say interrupts were not disabled or they were enabled, without knowing
the real answer.
This patch adds a 'X' in the output to let the user know that the
architecture they are running on does not support a way for the tracer
to determine if interrupts were enabled or disabled. It also lets those
same archs compile with tracing enabled.
Signed-off-by: Steven Rostedt <srostedt@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6:
i2c-s3c2410: Correct use of ! and &
i2c: The i2c mailing list is moving
scx200_i2c: Add missing class parameter
Just corrected the book name. I'm probably the only one who ever read
this file :-)
Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The total width of the command name plus spaces should be
8 characters, but were 7 and 9, respectively. With 8 chars,
all commands are now lining up nicely.
The mandocs, psdocs, xmldocs commands are OK.
Before:
HOSTCC scripts/basic/docproc
DOCPROC Documentation/DocBook/deviceiobook.xml
HTML Documentation/DocBook/deviceiobook.html
DOCPROC Documentation/DocBook/wanbook.xml
PDF Documentation/DocBook/wanbook.pdf
After:
HOSTCC scripts/basic/docproc
DOCPROC Documentation/DocBook/deviceiobook.xml
HTML Documentation/DocBook/deviceiobook.html
DOCPROC Documentation/DocBook/wanbook.xml
PDF Documentation/DocBook/wanbook.pdf
Signed-off-by: Hans Ulrich Niedermann <hun@n-dimensional.de>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nothing uses prepare_write or commit_write. Remove them from the tree
completely.
[akpm@linux-foundation.org: schedule simple_prepare_write() for unexporting]
Signed-off-by: Nick Piggin <npiggin@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Impact: remove stale documentation reference
sched-design.txt has been removed.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Sync the jp_JP version of HOWTO to contain the latest updates
From: Tsugikazu Shibata <tshibata@ab.jp.nec.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Update the documentation for the stable tree rules to reflect
that device IDs and quirks are also suitable for -stable
kernels.
Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fills in the documentation for all of the current kernel taint
flags, and fixes the number for TAINT_CRAP, which was incorrectly
described.
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The documents aren't particularly useful anyway and the hardware in
question has never run anything newer than a v2.2.14 kernel to my
knowledge.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
sched: fix documentation reference for sched_min_granularity_ns
sched: virtual time buddy preemption
sched: re-instate vruntime based wakeup preemption
sched: weaken sync hint
sched: more accurate min_vruntime accounting
sched: fix a find_busiest_group buglet
sched: add CONFIG_SMP consistency
The Documentation/i386 and Documentation/x86_64 directories and their
contents have been moved into Documentation/x86. Fix references to
those files accordingly.
Signed-off-by: Uwe Hermann <uwe@hermann-uwe.de>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
This code has been dead for many years. The last update it received
was in 2003 in order to update it for the driver model changes, though
it had already been in disarray and unused before that point. The only
boards that ever used this chip have not had users in many years either,
so it is finally safe to just kill it off and move on with life.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Impact: documentation fix
sched-design-CFS.txt wrongly references sched_granularity_ns sysctl,
as its name in fact is sched_min_granularity_ns.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: psmouse - add support for Elantech touchpads
Input: i8042 - add Blue FB5601 to noloop exception table
The LM99 differs from the LM86, LM89 and LM90 in that it reports
remote temperatures (temp2) 16 degrees lower than they really are. So
far we have been cheating and handled this in userspace but it really
should be handled by the driver directly.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: (123 commits)
dock: make dock driver not a module
ACPI: fix ia64 build warning
ACPI: hack around sysfs warning with link order
ACPI suspend: fix build warning when CONFIG_ACPI_SLEEP=n
intel_menlo: fix build warning
panasonic-laptop: fix build
ACPICA: Update version to 20080926
ACPICA: Add support for zero-length buffer-to-string conversions
ACPICA: New: Validation for predefined ACPI methods/objects
ACPICA: Fix for implicit return compatibility
ACPICA: Fixed a couple memory leaks associated with "implicit return"
ACPICA: Optimize buffer allocation procedure
ACPICA: Fix possible memory leak, error exit path
ACPICA: Fix fault after mem allocation failure in AML parser
ACPICA: Remove unused ACPI register bit definition
ACPICA: Update version to 20080829
ACPICA: Fix possible memory leak in acpi_ns_get_external_pathname
ACPICA: Cleanup for internal Reference Object
ACPICA: Update comments - no functional changes
ACPICA: Update for Reference ACPI_OPERAND_OBJECT
...
* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6:
i2c: Add info->archdata field
i2c: Inform about deprecated chips directory
i2c: Use pci_ioremap_bar()
Schedule removal of the legacy i2c device driver binding model
i2c: Clean up <linux/i2c.h>
i2c: Update and clean up writing-clients document
i2c: Drop 2-byte address block transfer defines
i2c: Delete legacy model documentation
i2c: Constify i2c_get_clientdata's parameter
i2c: Delete outdated client porting guide
i2c: Make clear what the class field of i2c_adapter is good for
i2c-algo-pcf: Fix typo in debugging log message
i2c-algo-pcf: Add adapter hooks around xfer begin and end
i2c-algo-pcf: Pass adapter data into ->waitforpin() method
i2c-i801: Add support for Intel Ibex Peak
* git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: (53 commits)
powerpc: Support for relocatable kdump kernel
powerpc: Don't use a 16G page if beyond mem= limits
powerpc: Add del_node() for early boot code to prune inapplicable devices.
powerpc: Further compile fixup for STRICT_MM_TYPECHECKS
powerpc: Remove empty #else from signal_64.c
powerpc: Move memory size print into common show_cpuinfo for 32-bit
hvc_console: Remove __devexit annotation of hvc_remove()
hvc_console: Add support for tty window resizing
hvc_console: Fix loop if put_char() returns 0
hvc_console: Add tty driver flag TTY_DRIVER_RESET_TERMIOS
hvc_console: Add a hangup notifier for backends
powerpc/83xx: Add DS1339 RTC support for MPC8349E-mITX boards .dts
powerpc/83xx: Add support for MCU microcontroller in .dts files
powerpc/85xx: Move mpc8572ds.dts to address-cells/size-cells = <2>
of/spi: Support specifying chip select as active high via device tree
powerpc: Remove device_type = "board_control" properties in .dts files
i2c-cpm: Suppress autoprobing for devices
powerpc/85xx: Fix mpc8536ds dma interrupt numbers
powerpc/85xx: Enable enhanced functions for 8536 TSEC
powerpc: Delete unused prom_strtoul and prom_memparse
...
* 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/dvrabel/uwb: (47 commits)
uwb: wrong sizeof argument in mac address compare
uwb: don't use printk_ratelimit() so often
uwb: use kcalloc where appropriate
uwb: use time_after() when purging stale beacons
uwb: add credits for the original developers of the UWB/WUSB/WLP subsystems
uwb: add entries in the MAINTAINERS file
uwb: depend on EXPERIMENTAL
wusb: wusb-cbaf (CBA driver) sysfs ABI simplification
uwb: document UWB and WUSB sysfs files
uwb: add symlinks in sysfs between radio controllers and PALs
uwb: dont tranmit identification IEs
uwb: i1480/GUWA100U: fix firmware download issues
uwb: i1480: remove MAC/PHY information checking function
uwb: add Intel i1480 HWA to the UWB RC quirk table
uwb: disable command/event filtering for D-Link DUB-1210
uwb: initialize the debug sub-system
uwb: Fix handling IEs with empty IE data in uwb_est_get_size()
wusb: fix bmRequestType for Abort RPipe request
wusb: fix error path for wusb_set_dev_addr()
wusb: add HWA host controller driver
...
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6: (41 commits)
[IA64] Fix annoying IA64_TR_ALLOC_MAX message.
[IA64] kill sys32_pipe
[IA64] remove sys32_pause
[IA64] Add Variable Page Size and IA64 Support in Intel IOMMU
ia64/pv_ops: paravirtualized instruction checker.
ia64/xen: a recipe for using xen/ia64 with pv_ops.
ia64/pv_ops: update Kconfig for paravirtualized guest and xen.
ia64/xen: preliminary support for save/restore.
ia64/xen: define xen machine vector for domU.
ia64/pv_ops/xen: implement xen pv_time_ops.
ia64/pv_ops/xen: implement xen pv_irq_ops.
ia64/pv_ops/xen: define the nubmer of irqs which xen needs.
ia64/pv_ops/xen: implement xen pv_iosapic_ops.
ia64/pv_ops/xen: paravirtualize entry.S for ia64/xen.
ia64/pv_ops/xen: paravirtualize ivt.S for xen.
ia64/pv_ops/xen: paravirtualize DO_SAVE_MIN for xen.
ia64/pv_ops/xen: define xen paravirtualized instructions for hand written assembly code
ia64/pv_ops/xen: define xen pv_cpu_ops.
ia64/pv_ops/xen: define xen pv_init_ops for various xen initialization.
ia64/pv_ops/xen: elf note based xen startup.
...
Maybe the incorrect power state is returned on the bogus bios, which
is different with the real power state. For example: the bios returns D0
state and the real power state is D3. OS expects to set the device to D0
state. In such case if OS uses the power state returned by the BIOS and
checks the device power state very strictly in power transition, the device
can't be transited to the correct power state.
So the boot option of "acpi.power_nocheck=1" is added to avoid checking
the device power in the course of device power transition.
http://bugzilla.kernel.org/show_bug.cgi?id=8049
http://bugzilla.kernel.org/show_bug.cgi?id=11000
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Li Shaohua <shaohua.li@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
The legacy i2c device driver binding model is superseded by the
standard model, so it's time to deprecate it and schedule it for
removal.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
* Strip trailing white space.
* Remove out-of-date or irrelevant parts.
* Insist on the fact that command is deprecated.
* Fix spelling mistakes and typos.
* Reformat code examples and function prototypes to comply with the
kernel coding style.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
The legacy i2c binding model is deprecated and will be removed soon,
so we no longer need to document it.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
i2c_get_clientdata doesn't change the i2c_client it is passed as a
parameter, so it can be constified. Same for i2c_get_adapdata.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
The document describing how to port i2c chip drivers from Linux 2.4 to
Linux 2.6 is outdated. As I suspect that most drivers that had to be
ported have already been by now, I do not want to spend time updating
it. Let's just delete it instead.
Signed-off-by: Jean Delvare <khali@linux-fr.org>