summaryrefslogtreecommitdiff
path: root/privs.h
blob: 9f9cfdd0626dee927ca26138809eec7a8daf7a38 (plain)
1
2
3
4
5
6
7
8
#ifndef PRIVS_H
#define PRIVS_H

#include <stdbool.h>

extern void drop_privileges(bool enforce, uid_t uid, gid_t gid);

#endif /* PRIVS_H */
dd1e1e8441bb4'>Merge tag 'rxrpc-rewrite-20170210' of ↵David S. Miller1-0/+24 git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== afs: Use system UUID generation There is now a general function for generating a UUID and AFS should make use of it. It's also been recommended to me that I switch to using random rather than time plus MAC address-based UUIDs which this function does. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-13net: make net_device members garp_port and mrp_port conditionalTobias Klauser1-0/+4 garp_port is only used in net/802/garp.c which is only compiled with CONFIG_GARP enabled. Same goes for mrp_port which is only used in net/802/mrp.c with CONFIG_MRP enabled. Only include the two members in struct net_device if their respective CONFIG_* is enabled. This saves a few bytes in struct net_device in case CONFIG_GARP or CONFIG_MRP are not enabled. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-13net: busy-poll: remove LL_FLUSH_FAILED and LL_FLUSH_BUSYEric Dumazet1-4/+0 Commit 79e7fff47b7b ("net: remove support for per driver ndo_busy_poll()") made them obsolete. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-12Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller4-8/+53 Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for your net-next tree, most relevantly they are: 1) Extend nft_exthdr to allow to match TCP options bitfields, from Manuel Messner. 2) Allow to check if IPv6 extension header is present in nf_tables, from Phil Sutter. 3) Allow to set and match conntrack zone in nf_tables, patches from Florian Westphal. 4) Several patches for the nf_tables set infrastructure, this includes cleanup and preparatory patches to add the new bitmap set type. 5) Add optional ruleset generation ID check to nf_tables and allow to delete rules that got no public handle yet via NFTA_RULE_ID. These patches add the missing kernel infrastructure to support rule deletion by description from userspace. 6) Missing NFT_SET_OBJECT flag to select the right backend when sets stores an object map. 7) A couple of cleanups for the expectation and SIP helper, from Gao feng. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-12netfilter: nf_tables: add NFTA_RULE_ID attributePablo Neira Ayuso2-0/+5 This new attribute allows us to uniquely identify a rule in transaction. Robots may trigger an insertion followed by deletion in a batch, in that scenario we still don't have a public rule handle that we can use to delete the rule. This is similar to the NFTA_SET_ID attribute that allows us to refer to an anonymous set from a batch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12netfilter: nfnetlink: allow to check for generation IDPablo Neira Ayuso2-0/+13 This patch allows userspace to specify the generation ID that has been used to build an incremental batch update. If userspace specifies the generation ID in the batch message as attribute, then nfnetlink compares it to the current generation ID so you make sure that you work against the right baseline. Otherwise, bail out with ERESTART so userspace knows that its changeset is stale and needs to respin. Userspace can do this transparently at the cost of taking slightly more time to refresh caches and rework the changeset. This check is optional, if there is no NFNL_BATCH_GENID attribute in the batch begin message, then no check is performed. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-11net: rename dst_neigh_output back to neigh_outputJulian Anastasov2-12/+10 After the dst->pending_confirm flag was removed, we do not need anymore to provide dst arg to dst_neigh_output. So, rename it to neigh_output as before commit 5110effee8fd ("net: Do delayed neigh confirmation."). Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11tap: tap as an independent moduleSainath Grandhi1-2/+2 This patch makes tap a separate module for other types of virtual interfaces, for example, ipvlan to use. Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11tap: Extending tap device create/destroy APIsSainath Grandhi1-2/+2 Extending tap APIs get/free_minor and create/destroy_cdev to handle more than one type of virtual interface. Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11tap: Abstract type of virtual interface from tap implementationSainath Grandhi1-4/+53 macvlan object is re-structured to hold tap related elements in a separate entity, tap_dev. Upon NETDEV_REGISTER device_event, tap_dev is registered with idr and fetched again on tap_open. Few of the tap functions are modified to accepted tap_dev as argument. tap_dev object includes callbacks to be used by underlying virtual interface to take care of tx and rx accounting. Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11tap: Tap character device creation/destroy APISainath Grandhi1-0/+3 This patch provides tap device create/destroy APIs in tap.c. Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11tap: Renaming tap related APIs, data structures, macrosSainath Grandhi3-25/+25 Renaming tap related APIs, data structures and macros in tap.c from macvtap_.* to tap_.* Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11tap: Refactoring macvtap.cSainath Grandhi1-0/+10 macvtap module has code for tap/queue management and link management. This patch splits the code into macvtap_main.c for link management and tap.c for tap/queue management. Functionality in tap.c can be re-used for implementing tap on other virtual interfaces. Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller