2008-03-10 20:57:33

by Serge E. Hallyn

Subject: root_plug: use cap_task_prctl

With the introduction of per-process securebits, the capabilities-related
prctl callbacks were moved into cap_task_prctl(). Have root_plug use
cap_task_prctl() so that PR_SET_KEEPCAPS is defined.

(Andrew, I didn't put patch numbers here, but there are only two of
these. These are the LSMs which internalize capabilities. The dummy
module will continue to not support PR_SET_KEEPCAPS).

Signed-off-by: Serge E. Hallyn <[email protected]>
---
security/root_plug.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/security/root_plug.c b/security/root_plug.c
index 870f130..20d1c9c 100644
--- a/security/root_plug.c
+++ b/security/root_plug.c
@@ -86,6 +86,7 @@ static struct security_operations rootplug_security_ops = {

.task_post_setuid = cap_task_post_setuid,
.task_reparent_to_init = cap_task_reparent_to_init,
+ .task_prctl = cap_task_prctl,

.bprm_check_security = rootplug_bprm_check_security,
};
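Review bot: the changelog for the new `.task_prctl = cap_task_prctl,` entry in rootplug_security_ops only says that PR_SET_KEEPCAPS becomes "defined". It should state what a prctl(PR_SET_KEEPCAPS) caller gets under root_plug without this hook, and name the commit that moved the capability prctl handling into cap_task_prctl(), so it is clear whether this is a regression fix that has to land together with the per-process securebits change. The changelog also mentions a second LSM that needs the same one-line change without naming it; naming it here would make the pair easy to track.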
--
1.5.1


2008-03-10 21:15:11

by Greg KH

Subject: Re: root_plug: use cap_task_prctl

On Mon, Mar 10, 2008 at 03:57:20PM -0500, Serge E. Hallyn wrote:
> With the introduction of per-process securebits, the capabilities-related
> prctl callbacks were moved into cap_task_prctl(). Have root_plug use
> cap_task_prctl() so that PR_SET_KEEPCAPS is defined.
>
> (Andrew, I didn't put patch numbers here, but there are only two of
> these. These are the LSMs which internalize capabilities. The dummy
> module will continue to not support PR_SET_KEEPCAPS).
>
> Signed-off-by: Serge E. Hallyn <[email protected]>

Acked-by: Greg Kroah-Hartman <[email protected]>