linux-hardened/drivers
Iulia Manda 2813893f8b kernel: conditionally support non-root users, groups and capabilities
There are a lot of embedded systems that run most or all of their
functionality in init, running as root:root.  For these systems,
supporting multiple users is not necessary.

This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for
non-root users, non-root groups, and capabilities optional.  It is enabled
under CONFIG_EXPERT menu.

When this symbol is not defined, UID and GID are zero in any possible case
and processes always have all capabilities.

The following syscalls are compiled out: setuid, setregid, setgid,
setreuid, setresuid, getresuid, setresgid, getresgid, setgroups,
getgroups, setfsuid, setfsgid, capget, capset.

Also, groups.c is compiled out completely.

In kernel/capability.c, capable function was moved in order to avoid
adding two ifdef blocks.

This change saves about 25 KB on a defconfig build.  The most minimal
kernels have total text sizes in the high hundreds of kB rather than
low MB.  (The 25k goes down a bit with allnoconfig, but not that much.

The kernel was booted in Qemu.  All the common functionalities work.
Adding users/groups is not possible, failing with -ENOSYS.

Bloat-o-meter output:
add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650)

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Iulia Manda <iulia.manda21@gmail.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-04-15 16:35:22 -07:00
..
accessibility
acpi Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
amba ARM: 8334/1: amba: tegra-ahb: detect and correct bogus base address 2015-04-02 10:03:55 +01:00
android
ata Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
atm
auxdisplay
base Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
bcma
block paride: fix the "verbose" module param 2015-04-15 16:35:22 -07:00
bluetooth Bluetooth: btusb: Use proper data structures for Intel vendor events 2015-04-09 10:42:18 +03:00
bus
cdrom
char Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
clk
clocksource ARM, clocksource/drivers: Provide read_boot_clock64() and read_persistent_clock64() and use them 2015-04-03 08:18:23 +02:00
connector
coresight
cpufreq intel_pstate: Knights Landing support 2015-04-11 02:13:29 +02:00
cpuidle Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
crypto
dca
devfreq PM / devfreq: tegra: Register governor on module init 2015-03-31 13:17:15 +09:00
dio
dma Staging driver patches for 4.1-rc1 2015-04-13 17:37:33 -07:00
dma-buf
edac
eisa
extcon
firewire
firmware Merge branch 'core-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-04-13 10:22:30 -07:00
fmc
gpio Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
gpu Some clean ups and small fixes, but the biggest change is the addition 2015-04-14 10:49:03 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-04-14 18:25:15 -07:00
hsi HSI: cmt_speech: fix error return code 2015-04-05 14:45:27 +02:00
hv
hwmon hwmon: (pwm-fan) Update the duty cycle inorder to control the pwm-fan 2015-04-12 15:59:11 -07:00
hwspinlock
i2c Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
ide Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
idle Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
iio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
infiniband Merge branch 'for-linus-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-14 15:31:03 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-04-14 18:25:15 -07:00
iommu Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
ipack
irqchip irqchip core change for v4.1 (round 3) 2015-04-11 11:17:28 +02:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
leds
lguest lguest: now needs PCI_DIRECT. 2015-04-01 10:29:05 -07:00
macintosh
mailbox
mcb
md md/raid0: fix bug with chunksize not a power of 2. 2015-04-10 15:36:31 +10:00
media Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
memory
memstick
message
mfd == Changes to existing drivers == 2015-04-14 17:29:55 -07:00
misc Merge branch 'for-linus-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-14 15:31:03 -07:00
mmc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
mtd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
nfc NFC: logging neatening 2015-04-07 12:05:12 +02:00
ntb
nubus
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
oprofile
parisc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
parport
pci PCI changes for the v4.1 merge window: 2015-04-13 15:45:47 -07:00
pcmcia
phy USB patches for 4.1-rc1 2015-04-13 17:07:21 -07:00
pinctrl This is the bulk of pin control changes for the v4.1 development 2015-04-14 17:58:15 -07:00
platform Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
pnp Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
power power: twl4030_madc_battery: Add missing MODULE_ALIAS 2015-04-06 19:39:57 +02:00
powercap powercap / RAPL: mark rapl_ids array as __initconst 2015-04-11 02:21:15 +02:00
pps
ps3
ptp ptp: remove 32 bit get/set methods. 2015-03-31 12:01:19 -04:00
pwm
rapidio
ras
regulator == Changes to existing drivers == 2015-04-14 17:29:55 -07:00
remoteproc
reset
rpmsg
rtc == Changes to existing drivers == 2015-04-14 17:29:55 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
sfi
sh
sn
soc
spi Merge remote-tracking branches 'spi/topic/spidev' and 'spi/topic/spidev-test' into spi-next 2015-04-11 23:09:31 +01:00
spmi
ssb ssb: add delay after PCI reset to fix SoC reboots 2015-04-07 20:18:10 +03:00
staging kernel: conditionally support non-root users, groups and capabilities 2015-04-15 16:35:22 -07:00
target iscsi target: fix oops when adding reject pdu 2015-04-10 12:33:55 -07:00
tc
thermal drivers: thermal: st: remove several sparse warnings 2015-04-07 13:43:28 -07:00
thunderbolt
tty Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
uio
usb Merge branch 'for-linus-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-14 15:31:03 -07:00
uwb
vfio vfio-pci: Fix use after free 2015-04-08 08:11:51 -06:00
vhost new helper: msg_data_left() 2015-04-11 15:53:35 -04:00
video == Changes to existing drivers == 2015-04-14 17:54:22 -07:00
virt
virtio
vlynq
vme
w1
watchdog Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2015-04-14 20:51:44 -07:00
xen cleancache: forbid overriding cleancache_ops 2015-04-14 16:49:03 -07:00
zorro
Kconfig
Makefile