diff options
| author | James Morris <jmorris@namei.org> | 2008-08-27 20:47:34 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-08-27 20:47:34 -0400 |
| commit | 86d688984deefa3ae5a802880c11f2b408b5d6cf (patch) | |
| tree | 7ea5e8189b0a774626d3ed7c3c87df2495a4c4a0 /security/commoncap.c | |
| parent | 93c06cbbf9fea5d5be1778febb7fa9ab1a74e5f5 (diff) | |
| parent | 4c246edd2550304df5b766cc841584b2bb058843 (diff) | |
Merge branch 'master' into next
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 4afbece37a08..e4c4b3fc0c04 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -63,14 +63,24 @@ int cap_settime(struct timespec *ts, struct timezone *tz) | |||
| 63 | return 0; | 63 | return 0; |
| 64 | } | 64 | } |
| 65 | 65 | ||
| 66 | int cap_ptrace (struct task_struct *parent, struct task_struct *child, | 66 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) |
| 67 | unsigned int mode) | ||
| 68 | { | 67 | { |
| 69 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | 68 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ |
| 70 | if (!cap_issubset(child->cap_permitted, parent->cap_permitted) && | 69 | if (cap_issubset(child->cap_permitted, current->cap_permitted)) |
| 71 | !__capable(parent, CAP_SYS_PTRACE)) | 70 | return 0; |
| 72 | return -EPERM; | 71 | if (capable(CAP_SYS_PTRACE)) |
| 73 | return 0; | 72 | return 0; |
| 73 | return -EPERM; | ||
| 74 | } | ||
| 75 | |||
| 76 | int cap_ptrace_traceme(struct task_struct *parent) | ||
| 77 | { | ||
| 78 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | ||
| 79 | if (cap_issubset(current->cap_permitted, parent->cap_permitted)) | ||
| 80 | return 0; | ||
| 81 | if (has_capability(parent, CAP_SYS_PTRACE)) | ||
| 82 | return 0; | ||
| 83 | return -EPERM; | ||
| 74 | } | 84 | } |
| 75 | 85 | ||
| 76 | int cap_capget (struct task_struct *target, kernel_cap_t *effective, | 86 | int cap_capget (struct task_struct *target, kernel_cap_t *effective, |
| @@ -534,7 +544,7 @@ int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, | |||
| 534 | static inline int cap_safe_nice(struct task_struct *p) | 544 | static inline int cap_safe_nice(struct task_struct *p) |
| 535 | { | 545 | { |
| 536 | if (!cap_issubset(p->cap_permitted, current->cap_permitted) && | 546 | if (!cap_issubset(p->cap_permitted, current->cap_permitted) && |
| 537 | !__capable(current, CAP_SYS_NICE)) | 547 | !capable(CAP_SYS_NICE)) |
| 538 | return -EPERM; | 548 | return -EPERM; |
| 539 | return 0; | 549 | return 0; |
| 540 | } | 550 | } |