projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a2b4262) | patch
security: Use user_namespace::level to avoid redundant iterations in cap_capable()
authorKirill Tkhai <ktkhai@virtuozzo.com>
Tue, 2 May 2017 17:11:52 +0000 (20:11 +0300)
committerEric W. Biederman <ebiederm@xmission.com>
Thu, 20 Jul 2017 12:46:06 +0000 (07:46 -0500)
commit64db4c7f4c1dde23d47b60f887000e28f82b268f
treee7f344fb2015e7c138fc1d05804da2969c205be9tree | snapshot (tar.gz zip)
parenta2b426267c56773201f968fdb5eda6ab9ae94e34commit | diff
security: Use user_namespace::level to avoid redundant iterations in cap_capable()

When ns->level is not larger then cred->user_ns->level,
then ns can't be cred->user_ns's descendant, and
there is no a sense to search in parents.

So, break the cycle earlier and skip needless iterations.

v2: Change comment on suggested by Andy Lutomirski.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
security/commoncap.c diff | blob | blame | history
Motorola kernel-slsi