From: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx>
Subject: [PATCH] Fix capability.c to work with threaded init
When setting capabilities, cap_set_all() must skip all threads of the
container_init process - not just the main thread.
Signed-off-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx>
---
kernel/capability.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: 2.6.23-rc2-mm2/kernel/capability.c
===================================================================
--- 2.6.23-rc2-mm2.orig/kernel/capability.c 2007-08-17 17:33:17.000000000 -0700
+++ 2.6.23-rc2-mm2/kernel/capability.c 2007-08-17 17:33:17.000000000 -0700
@@ -137,7 +137,7 @@ static inline int cap_set_all(kernel_cap
int found = 0;
do_each_thread(g, target) {
- if (target == current || is_container_init(target))
+ if (target == current || is_container_init(target->group_leader))
continue;
found = 1;
if (security_capset_check(target, effective, inheritable,
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
