OpenSDV
/
linux-stable-rt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-stable-rt/security
History
Andrew G. Morgan 1209726ce9 security: filesystem capabilities: fix CAP_SETPCAP handling 
The filesystem capability support meaning for CAP_SETPCAP is less powerful
than the non-filesystem capability support.  As such, when filesystem
capabilities are configured, we should not permit CAP_SETPCAP to 'enhance'
the current process through strace manipulation of a child process.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2008-07-04 10:40:08 -07:00
..
keys keys: remove unused key_alloc_sem 2008-06-06 11:29:11 -07:00
selinux [PATCH] split linux/file.h 2008-05-01 13:08:16 -04:00
smack Smack: fuse mount hang fix 2008-06-04 08:50:43 -07:00
Kconfig
Makefile
capability.c
commoncap.c security: filesystem capabilities: fix CAP_SETPCAP handling 2008-07-04 10:40:08 -07:00
device_cgroup.c devscgroup: make white list more compact in some cases 2008-06-06 11:29:11 -07:00
dummy.c capabilities: add (back) dummy support for KEEPCAPS 2008-06-12 18:05:40 -07:00
inode.c
root_plug.c
security.c