author | Kees Cook <keescook@chromium.org> | 2012-05-14 13:19:28 -0400 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-14 20:27:57 -0400 |
commit | 2cc8a71641b4460783ea3bd7a3476043fdf85397 (patch) | |
tree | fe8a39bbedc403306c3a0c2f773a4499d6ae99ec /security | |
parent | 77b513dda90fd99bd1225410b25e745b74779c1c (diff) |
Yama: replace capable() with ns_capable()
When checking capabilities, the question we want to be asking is "does
current() have the capability in the child's namespace?"
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/yama/yama_lsm.c | 4 |
1 files changed, 2 insertions, 2 deletions
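--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -264,11 +264,11 @@ static int yama_ptrace_access_check(struct task_struct *child,
 case YAMA_SCOPE_RELATIONAL:
 if (!task_is_descendant(current, child) &&
 !ptracer_exception_found(current, child) &&
-!capable(CAP_SYS_PTRACE))
+!ns_capable(task_user_ns(child), CAP_SYS_PTRACE))
 rc = -EPERM;
 break;
 case YAMA_SCOPE_CAPABILITY:
-if (!capable(CAP_SYS_PTRACE))
+if (!ns_capable(task_user_ns(child), CAP_SYS_PTRACE))
 rc = -EPERM;
 break;
 case YAMA_SCOPE_NO_ATTACH: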
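Review bot: In both new `ns_capable(task_user_ns(child), CAP_SYS_PTRACE)` calls (YAMA_SCOPE_RELATIONAL and YAMA_SCOPE_CAPABILITY), the user-namespace pointer is taken from the child's credentials and then used for the capability check, and nothing in the hunk shows what keeps those credentials alive in between. If `task_user_ns()` reads the child's cred through RCU, which its definition outside this page would have to confirm, the lookup and the check should sit in one read-side section: `rcu_read_lock();` before each `if`, `rcu_read_unlock();` before each `break`. A short comment above the first check, such as `/* CAP_SYS_PTRACE must be held in the tracee's user namespace, not just the tracer's. */`, would also record why `child`'s namespace is the one consulted. The body of yama_ptrace_access_check starts and ends outside the hunk, so any locking done by the caller is not visible here.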