On Mon, Jul 31, 2017 at 4:51 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> Instead of a separate function, open-code the cap_elevated test, which
> lets us entirely remove bprm->cap_effective (to use the local "effective"
> variable instead), and more accurately examine euid/egid changes via the
> existing local "is_setid".
>
> The following LTP tests were run to validate the changes:
>
>     # ./runltp -f syscalls -s cap
>     # ./runltp -f securebits
>     # ./runltp -f cap_bounds
>     # ./runltp -f filecaps
>
> All kernel selftests for capabilities and exec continue to pass as well.
>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx>
> Acked-by: Serge Hallyn <serge@xxxxxxxxxx>

Reviewed-by: Andy Lutomirski <luto@xxxxxxxxxx>