git.baikalelectronics.ru Git - kernel.git/commit
CRED: Neuter sys_capset()
author David Howells <dhowells@redhat.com>
Thu, 13 Nov 2008 23:39:14 +0000 (10:39 +1100)
committer James Morris <jmorris@namei.org>
Thu, 13 Nov 2008 23:39:14 +0000 (10:39 +1100)
commit 46458665ba353e9de9762ea799cb96599fd4b373
tree d1bd302c8d66862da45b494cbc766fb4caa5e23e
parent 941a0247ba3edd21694b23740b777f902cf12f37

Take away the ability for sys_capset() to affect processes other than current.

This means that current will not need to lock its own credentials when reading
them against interference by other processes.

This has effectively been the case for a while anyway, since:

 (1) Without LSM enabled, sys_capset() is disallowed.

 (2) With file-based capabilities, sys_capset() is neutered.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
fs/open.c
include/linux/security.h
kernel/capability.c
security/commoncap.c
security/security.c
security/selinux/hooks.c