[PATCH] track capabilities in default dummy security module code
From: Chris Wright
Date: Tue Jan 04 2005 - 19:19:20 EST
Switch dummy logic around to set cap_* bits during exec and set*uid based
on basic uid check. Then check cap_* bits during capable() (rather than
doing basic uid check). This ensures that capability bits are properly
initialized in case the capability module is later loaded.
Signed-off-by: Chris Wright <chrisw@xxxxxxxx>
===== security/dummy.c 1.49 vs edited =====
--- 1.49/security/dummy.c 2005-01-03 15:49:14 -08:00
+++ edited/security/dummy.c 2005-01-04 13:14:10 -08:00
@@ -74,11 +74,8 @@ static int dummy_acct (struct file *file
static int dummy_capable (struct task_struct *tsk, int cap)
{
- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
- /* capability granted */
+ if (cap_raised (tsk->cap_effective, cap))
return 0;
-
- /* capability denied */
return -EPERM;
}
@@ -183,6 +180,7 @@ static int dummy_bprm_alloc_security (st
static void dummy_bprm_free_security (struct linux_binprm *bprm)
{
+ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
return;
}
@@ -558,6 +556,7 @@ static int dummy_task_setuid (uid_t id0,
static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
{
+ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
return 0;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/