aboutsummaryrefslogtreecommitdiffstats
path: root/security/commoncap.c
diff options
context:
space:
mode:
authorSukadev Bhattiprolu <sukadev@us.ibm.com>2006-09-29 05:00:07 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-29 12:18:12 -0400
commitf400e198b2ed26ce55b22a1412ded0896e7516ac (patch)
treea3d78bfc1c20635e199fe0fe85aaa1d8792acc58 /security/commoncap.c
parent959ed340f4867fda7684340625f60e211c2296d6 (diff)
[PATCH] pidspace: is_init()
This is an updated version of Eric Biederman's is_init() patch. (http://lkml.org/lkml/2006/2/6/280). It applies cleanly to 2.6.18-rc3 and replaces a few more instances of ->pid == 1 with is_init(). Further, is_init() checks pid and thus removes dependency on Eric's other patches for now. Eric's original description: There are a lot of places in the kernel where we test for init because we give it special properties. Most significantly init must not die. This results in code all over the kernel test ->pid == 1. Introduce is_init to capture this case. With multiple pid spaces for all of the cases affected we are looking for only the first process on the system, not some other process that has pid == 1. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Sukadev Bhattiprolu <sukadev@us.ibm.com> Cc: Dave Hansen <haveblue@us.ibm.com> Cc: Serge Hallyn <serue@us.ibm.com> Cc: Cedric Le Goater <clg@fr.ibm.com> Cc: <lxc-devel@lists.sourceforge.net> Acked-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/commoncap.c')
-rw-r--r--security/commoncap.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index f50fc298cf80..5a5ef5ca7ea9 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -169,7 +169,7 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
169 /* For init, we want to retain the capabilities set 169 /* For init, we want to retain the capabilities set
170 * in the init_task struct. Thus we skip the usual 170 * in the init_task struct. Thus we skip the usual
171 * capability rules */ 171 * capability rules */
172 if (current->pid != 1) { 172 if (!is_init(current)) {
173 current->cap_permitted = new_permitted; 173 current->cap_permitted = new_permitted;
174 current->cap_effective = 174 current->cap_effective =
175 cap_intersect (new_permitted, bprm->cap_effective); 175 cap_intersect (new_permitted, bprm->cap_effective);