
Commit efc8e7f4 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support
  NOMMU: Optimise away the {dac_,}mmap_min_addr tests
  security/min_addr.c: make init_mmap_min_addr() static
  keys: PTR_ERR return of wrong pointer in keyctl_get_security()
parents b5c96f89 a00ae4d2
+7 −0
@@ -95,8 +95,13 @@ struct seq_file;
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
extern int cap_netlink_recv(struct sk_buff *skb, int cap);
extern int cap_netlink_recv(struct sk_buff *skb, int cap);


#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define dac_mmap_min_addr	0UL
#endif

/*
/*
 * Values used in the task_security_ops calls
 * Values used in the task_security_ops calls
 */
 */
@@ -121,6 +126,7 @@ struct request_sock;
#define LSM_UNSAFE_PTRACE	2
#define LSM_UNSAFE_PTRACE	2
#define LSM_UNSAFE_PTRACE_CAP	4
#define LSM_UNSAFE_PTRACE_CAP	4


#ifdef CONFIG_MMU
/*
/*
 * If a hint addr is less than mmap_min_addr change hint to be as
 * If a hint addr is less than mmap_min_addr change hint to be as
 * low as possible but still greater than mmap_min_addr
 * low as possible but still greater than mmap_min_addr
@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
}
}
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
				 void __user *buffer, size_t *lenp, loff_t *ppos);
				 void __user *buffer, size_t *lenp, loff_t *ppos);
#endif


#ifdef CONFIG_SECURITY
#ifdef CONFIG_SECURITY
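Review bot: The `#else` branch added around the two `extern` declarations defines only `dac_mmap_min_addr`, so a !CONFIG_MMU build has neither a declaration nor a constant for `mmap_min_addr`. Any code outside these hunks that still tests `mmap_min_addr` would then fail to build, and the Makefile change in this commit appears to stop building min_addr.o without an MMU; whether every such user is guarded is not visible here. Adding `#define mmap_min_addr 0UL` next to the existing define would let both tests fold away, as the commit title describes. A short comment on the branch, such as `/* !CONFIG_MMU: the minimum-address checks compile to constant 0 */`, would record that the low-address floor is deliberately absent on these builds.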


+2 −0
@@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = {
		.proc_handler	= proc_dointvec_jiffies,
		.proc_handler	= proc_dointvec_jiffies,
	},
	},
#endif
#endif
#ifdef CONFIG_MMU
	{
	{
		.procname	= "mmap_min_addr",
		.procname	= "mmap_min_addr",
		.data		= &dac_mmap_min_addr,
		.data		= &dac_mmap_min_addr,
@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = {
		.mode		= 0644,
		.mode		= 0644,
		.proc_handler	= mmap_min_addr_handler,
		.proc_handler	= mmap_min_addr_handler,
	},
	},
#endif
#ifdef CONFIG_NUMA
#ifdef CONFIG_NUMA
	{
	{
		.procname	= "numa_zonelist_order",
		.procname	= "numa_zonelist_order",
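Review bot: The `#endif` added after the `mmap_min_addr` entry is unlabelled, and it sits directly against the next `#ifdef CONFIG_NUMA`, just as the new `#ifdef CONFIG_MMU` sits directly against the previous `#endif`. Writing it as `#endif /* CONFIG_MMU */` would make the stacked conditionals easier to pair up, and would match the labelled `#endif /* !TIF_NOTIFY_RESUME */` used elsewhere in this commit. The guard itself looks necessary, since `.data = &dac_mmap_min_addr` cannot take the address of the `0UL` macro on a no-MMU build. vm_table starts and ends outside these hunks.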
+1 −0
@@ -221,6 +221,7 @@ config KSM


config DEFAULT_MMAP_MIN_ADDR
config DEFAULT_MMAP_MIN_ADDR
        int "Low address space to protect from user allocation"
        int "Low address space to protect from user allocation"
	depends on MMU
        default 4096
        default 4096
        help
        help
	  This is the portion of low virtual memory which should be protected
	  This is the portion of low virtual memory which should be protected
+2 −1
@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
subdir-$(CONFIG_SECURITY_TOMOYO)        += tomoyo
subdir-$(CONFIG_SECURITY_TOMOYO)        += tomoyo


# always enable default capabilities
# always enable default capabilities
obj-y		+= commoncap.o min_addr.o
obj-y					+= commoncap.o
obj-$(CONFIG_MMU)			+= min_addr.o


# Object file lists
# Object file lists
obj-$(CONFIG_SECURITY)			+= security.o capability.o
obj-$(CONFIG_SECURITY)			+= security.o capability.o
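Review bot: The comment `# always enable default capabilities` now sits directly above `obj-$(CONFIG_MMU) += min_addr.o`, which is conditional, so it no longer describes both rules beneath it. A separate comment above the second rule, for example `# mmap_min_addr handling is only built when an MMU is present`, would keep the Makefile accurate. It would also tell a reader that the low-address protection is intentionally left out on no-MMU builds.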
+11 −1
@@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid,
		 * have the authorisation token handy */
		 * have the authorisation token handy */
		instkey = key_get_instantiation_authkey(keyid);
		instkey = key_get_instantiation_authkey(keyid);
		if (IS_ERR(instkey))
		if (IS_ERR(instkey))
			return PTR_ERR(key_ref);
			return PTR_ERR(instkey);
		key_put(instkey);
		key_put(instkey);


		key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
		key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
@@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid,
 */
 */
long keyctl_session_to_parent(void)
long keyctl_session_to_parent(void)
{
{
#ifdef TIF_NOTIFY_RESUME
	struct task_struct *me, *parent;
	struct task_struct *me, *parent;
	const struct cred *mycred, *pcred;
	const struct cred *mycred, *pcred;
	struct cred *cred, *oldcred;
	struct cred *cred, *oldcred;
@@ -1326,6 +1327,15 @@ long keyctl_session_to_parent(void)
error_keyring:
error_keyring:
	key_ref_put(keyring_r);
	key_ref_put(keyring_r);
	return ret;
	return ret;

#else /* !TIF_NOTIFY_RESUME */
	/*
	 * To be removed when TIF_NOTIFY_RESUME has been implemented on
	 * m68k/xtensa
	 */
#warning TIF_NOTIFY_RESUME not implemented
	return -EOPNOTSUPP;
#endif /* !TIF_NOTIFY_RESUME */
}
}


/*****************************************************************************/
/*****************************************************************************/
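Review bot: The `#warning TIF_NOTIFY_RESUME not implemented` in the `#else` branch of keyctl_session_to_parent() fires on every build for an architecture without the flag, and it would stop a build that treats warnings as errors. The comment above it names m68k/xtensa, but the test is on the macro, so any other architecture lacking TIF_NOTIFY_RESUME gets the stub as well. I would say what the caller sees instead, e.g. `/* KEYCTL_SESSION_TO_PARENT fails with -EOPNOTSUPP where TIF_NOTIFY_RESUME is unavailable */`, and consider dropping the `#warning` once that is documented. The body of the function between the two hunks is outside this view.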