Skip to content
Commit 1cdcbec1 authored by David Howells's avatar David Howells Committed by James Morris
Browse files

CRED: Neuter sys_capset() 



Take away the ability for sys_capset() to affect processes other than current.

This means that current will not need to lock its own credentials when reading
them against interference by other processes.

This has effectively been the case for a while anyway, since:

 (1) Without LSM enabled, sys_capset() is disallowed.

 (2) With file-based capabilities, sys_capset() is neutered.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Acked-by: default avatarAndrew G. Morgan <morgan@kernel.org>
Acked-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 8bbf4976
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment