diff options
| author | Mark Brown <broonie@kernel.org> | 2016-03-18 09:45:54 +0000 |
|---|---|---|
| committer | Mark Brown <broonie@kernel.org> | 2016-03-18 09:45:54 +0000 |
| commit | ddbcfcba5fdc56f30e4d02c3bac8cf965502cece (patch) | |
| tree | 235f05605003ed8dc119ead980cf86157eb695e8 /security/commoncap.c | |
| parent | dfabba9c3737ce7a2574dcf58940f038e536e233 (diff) | |
| parent | 62e21959dc6f25c5fce0c1a0934e4a9d982bf99b (diff) | |
Merge tag 'v4.4.5' into linux-linaro-lsk-v4.4
This is the 4.4.5 stable release
# gpg: Signature made Wed 09 Mar 2016 23:36:03 GMT using RSA key ID 6092693E
# gpg: Good signature from "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 1832cf701c3d..48071ed7c445 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -137,12 +137,17 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode) { int ret = 0; const struct cred *cred, *child_cred; + const kernel_cap_t *caller_caps; rcu_read_lock(); cred = current_cred(); child_cred = __task_cred(child); + if (mode & PTRACE_MODE_FSCREDS) + caller_caps = &cred->cap_effective; + else + caller_caps = &cred->cap_permitted; if (cred->user_ns == child_cred->user_ns && - cap_issubset(child_cred->cap_permitted, cred->cap_permitted)) + cap_issubset(child_cred->cap_permitted, *caller_caps)) goto out; if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) goto out; |