On Sat, 14 Mar 2015, Andrew G. Morgan wrote: > > I thought I did. Please implement a lockable secure bit and I will Would this suffice? It puts the CAP_SETPCAP limitation back to how it was in my earlier patch. Subject: ambient caps: Allow disabling with SETPCAP Do not allow setting ambient caps if CAP_SETPCAP is not set. Signed-off-by: Christoph Lameter <cl@xxxxxxxxx> Index: linux/security/commoncap.c =================================================================== --- linux.orig/security/commoncap.c +++ linux/security/commoncap.c @@ -962,6 +962,9 @@ int cap_task_prctl(int option, unsigned if (((!cap_valid(arg3)) | arg4 | arg5)) return -EINVAL; + if (!ns_capable(current_user_ns(), CAP_SETPCAP)) + return -EPERM; + if (arg2 == PR_CAP_AMBIENT_GET) { return !!cap_raised(current_cred()->cap_ambient, arg3); } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
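Review bot: the new ns_capable(current_user_ns(), CAP_SETPCAP) check sits ahead of the arg2 == PR_CAP_AMBIENT_GET branch, so a task without CAP_SETPCAP gets -EPERM even for a read-only query of its own ambient set, while the commit message only talks about setting ambient caps. Suggest moving the check into the path that handles PR_CAP_AMBIENT_RAISE, so that GET stays unprivileged and the capability test runs only when a bit would actually be raised. The Subject line ("Allow disabling with SETPCAP") and the body ("Do not allow setting ambient caps if CAP_SETPCAP is not set") also describe different things; one sentence in the changelog stating which prctl operations require CAP_SETPCAP would make the intended policy reviewable.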