CRED: Neuter sys_capset()
authorDavid Howells <dhowells@redhat.com>
Thu, 13 Nov 2008 23:39:14 +0000 (10:39 +1100)
committerJames Morris <jmorris@namei.org>
Thu, 13 Nov 2008 23:39:14 +0000 (10:39 +1100)
commit1cdcbec1a3372c0c49c59d292e708fd07b509f18
treed1bd302c8d66862da45b494cbc766fb4caa5e23e
parent8bbf4976b59fc9fc2861e79cab7beb3f6d647640
CRED: Neuter sys_capset()

Take away the ability for sys_capset() to affect processes other than current.

This means that current will not need to lock its own credentials when reading
them against interference by other processes.

This has effectively been the case for a while anyway, since:

 (1) Without LSM enabled, sys_capset() is disallowed.

 (2) With file-based capabilities, sys_capset() is neutered.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
fs/open.c
include/linux/security.h
kernel/capability.c
security/commoncap.c
security/security.c
security/selinux/hooks.c