On Thu, Feb 26, 2015 at 03:23:35PM -0600, Christoph Lameter wrote:
> On Thu, 26 Feb 2015, Serge E. Hallyn wrote:
>
> > No. fE is not "not available". If you set it with setcap, you *should*
> > (if i'm tinking right) find fE full when calculating the new capability
> > sets, because of magic_etc.
>
> There is nothing in get_vfs_caps_from_disk that does this and the magic
> vanishes after this function is done.
get_vfs_caps_from_disk does:
cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps.magic_etc);
then bprm_caps_from_vfs_caps does:
if (caps->magic_etc & VFS_CAP_FLAGS_EFFECTIVE)
*effective = true;
and finally cap_bprm_set_creds does:
if (effective)
new->cap_effective = new->cap_permitted;
else
cap_clear(new->cap_effective);
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
