bbs.cooldavid.org Git - net-next-2.6.git/commit

author	David Howells <dhowells@redhat.com>
	Thu, 13 Nov 2008 23:39:14 +0000 (10:39 +1100)
committer	James Morris <jmorris@namei.org>
	Thu, 13 Nov 2008 23:39:14 +0000 (10:39 +1100)
commit	1cdcbec1a3372c0c49c59d292e708fd07b509f18
tree	d1bd302c8d66862da45b494cbc766fb4caa5e23e	tree \| snapshot (tar.bz2 tar.gz zip)
parent	8bbf4976b59fc9fc2861e79cab7beb3f6d647640	commit \| diff

CRED: Neuter sys_capset()

Take away the ability for sys_capset() to affect processes other than current.

This means that current will not need to lock its own credentials when reading
them against interference by other processes.

This has effectively been the case for a while anyway, since:

(1) Without LSM enabled, sys_capset() is disallowed.

(2) With file-based capabilities, sys_capset() is neutered.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>

fs/open.c		diff \| blob \| blame \| history
include/linux/security.h		diff \| blob \| blame \| history
kernel/capability.c		diff \| blob \| blame \| history
security/commoncap.c		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history
security/selinux/hooks.c		diff \| blob \| blame \| history