diff options
author | Serge Hallyn <serue@us.ibm.com> | 2005-01-04 05:09:53 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-01-04 05:09:53 -0800 |
commit | 2cf17bf6b5857ff2216931f4850cdd33ca2aab11 (patch) | |
tree | dc137698b5f885c32ec0dc6a4242ed33d9890f07 /security | |
parent | aa6b00059c4b523d79ef6ef247a62f9e2c623436 (diff) | |
download | history-2cf17bf6b5857ff2216931f4850cdd33ca2aab11.tar.gz |
[PATCH] properly split capset_check+capset_set
The attached patch removes checks from kernel/capability.c which are
redundant with cap_capset_check() code, and moves the capset_check() calls
to immediately before the capset_set() calls. This allows capset_check()
to accurately check the setter's permission to set caps on the target.
Please apply.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e0bb5d88d46a1a..8c5039bdbc0f26 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1403,12 +1403,6 @@ static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effect static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted) { - int error; - - error = task_has_perm(current, target, PROCESS__SETCAP); - if (error) - return; - secondary_ops->capset_set(target, effective, inheritable, permitted); } |