git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fedora kernel-2.6.17-1.2142_FC4 patched with stable patch-2.6.17.4-vs2.0.2-rc26.diff
[linux-2.6.git]
/
security
/
commoncap.c
diff --git
a/security/commoncap.c
b/security/commoncap.c
index
f067e8a
..
cd90b22
100644
(file)
--- a/
security/commoncap.c
+++ b/
security/commoncap.c
@@
-7,6
+7,7
@@
*
*/
*
*/
+#include <linux/capability.h>
#include <linux/config.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/config.h>
#include <linux/module.h>
#include <linux/init.h>
@@
-59,8
+60,8
@@
int cap_settime(struct timespec *ts, struct timezone *tz)
int cap_ptrace (struct task_struct *parent, struct task_struct *child)
{
/* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
int cap_ptrace (struct task_struct *parent, struct task_struct *child)
{
/* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
- if (!cap_issubset
(child->cap_permitted, cur
rent->cap_permitted) &&
- !
capable(
CAP_SYS_PTRACE))
+ if (!cap_issubset
(child->cap_permitted, pa
rent->cap_permitted) &&
+ !
__capable(parent,
CAP_SYS_PTRACE))
return -EPERM;
return 0;
}
return -EPERM;
return 0;
}
@@
-149,7
+150,7
@@
void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
!cap_issubset (new_permitted, current->cap_permitted)) {
if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
!cap_issubset (new_permitted, current->cap_permitted)) {
- current->mm->dumpable =
0
;
+ current->mm->dumpable =
suid_dumpable
;
if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
if (!capable(CAP_SETUID)) {
if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
if (!capable(CAP_SETUID)) {
@@
-311,7
+312,8
@@
void cap_task_reparent_to_init (struct task_struct *p)
int cap_syslog (int type)
{
int cap_syslog (int type)
{
- if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+ if ((type != 3 && type != 10) &&
+ !vx_capable(CAP_SYS_ADMIN, VXC_SYSLOG))
return -EPERM;
return 0;
}
return -EPERM;
return 0;
}