diff options
| author | Patrick McHardy <kaber@trash.net> | 2011-03-03 16:32:07 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-03-03 16:32:07 -0500 |
| commit | 01a16b21d6adf992aa863186c3c4e561a57c1714 (patch) | |
| tree | a3b1c81e5a5e6a0e9069e4d3a15576741ed34776 /security | |
| parent | 63f97425166a1a16279c1a5720e9dfcb2c12ad1b (diff) | |
netlink: kill eff_cap from struct netlink_skb_parms
Netlink message processing in the kernel is synchronous these days,
capabilities can be checked directly in security_netlink_recv() from
the current process.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Reviewed-by: James Morris <jmorris@namei.org>
[chrisw: update to include pohmelfs and uvesafb]
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 64c2ed9c9015..a83e607d91c3 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -52,13 +52,12 @@ static void warn_setuid_and_fcaps_mixed(const char *fname) | |||
| 52 | 52 | ||
| 53 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) | 53 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) |
| 54 | { | 54 | { |
| 55 | NETLINK_CB(skb).eff_cap = current_cap(); | ||
| 56 | return 0; | 55 | return 0; |
| 57 | } | 56 | } |
| 58 | 57 | ||
| 59 | int cap_netlink_recv(struct sk_buff *skb, int cap) | 58 | int cap_netlink_recv(struct sk_buff *skb, int cap) |
| 60 | { | 59 | { |
| 61 | if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) | 60 | if (!cap_raised(current_cap(), cap)) |
| 62 | return -EPERM; | 61 | return -EPERM; |
| 63 | return 0; | 62 | return 0; |
| 64 | } | 63 | } |