aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2012-05-14 13:19:28 -0400
committerJames Morris <james.l.morris@oracle.com>2012-05-14 20:27:57 -0400
commit2cc8a71641b4460783ea3bd7a3476043fdf85397 (patch)
treefe8a39bbedc403306c3a0c2f773a4499d6ae99ec /security
parent77b513dda90fd99bd1225410b25e745b74779c1c (diff)
Yama: replace capable() with ns_capable()
When checking capabilities, the question we want to be asking is "does current() have the capability in the child's namespace?" Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')
-rw-r--r--security/yama/yama_lsm.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index c852f7472ad0..83554ee8a587 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -264,11 +264,11 @@ static int yama_ptrace_access_check(struct task_struct *child,
264 case YAMA_SCOPE_RELATIONAL: 264 case YAMA_SCOPE_RELATIONAL:
265 if (!task_is_descendant(current, child) && 265 if (!task_is_descendant(current, child) &&
266 !ptracer_exception_found(current, child) && 266 !ptracer_exception_found(current, child) &&
267 !capable(CAP_SYS_PTRACE)) 267 !ns_capable(task_user_ns(child), CAP_SYS_PTRACE))
268 rc = -EPERM; 268 rc = -EPERM;
269 break; 269 break;
270 case YAMA_SCOPE_CAPABILITY: 270 case YAMA_SCOPE_CAPABILITY:
271 if (!capable(CAP_SYS_PTRACE)) 271 if (!ns_capable(task_user_ns(child), CAP_SYS_PTRACE))
272 rc = -EPERM; 272 rc = -EPERM;
273 break; 273 break;
274 case YAMA_SCOPE_NO_ATTACH: 274 case YAMA_SCOPE_NO_ATTACH: