Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 4bf2ea77dba76a22f49db3c10773896aaeeb8f66

Authored by Eric Paris
Committed by James Morris
1 parent 17f60a7da1
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

capabilities: do not special case exec of init 

When the global init task is exec'd we have special case logic to make sure
the pE is not reduced.  There is no reason for this.  If init wants to drop
it's pE is should be allowed to do so.  Remove this special logic.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 1 changed file with 4 additions and 9 deletions Side-by-side Diff

security/commoncap.c
Diff comments   View file @ 4bf2ea7
... ... @@ -529,15 +529,10 @@
529 529 new->suid = new->fsuid = new->euid;
530 530 new->sgid = new->fsgid = new->egid;
531 531  
532   - /* For init, we want to retain the capabilities set in the initial
533   - * task. Thus we skip the usual capability rules
534   - */
535   - if (!is_global_init(current)) {
536   - if (effective)
537   - new->cap_effective = new->cap_permitted;
538   - else
539   - cap_clear(new->cap_effective);
540   - }
  532 + if (effective)
  533 + new->cap_effective = new->cap_permitted;
  534 + else
  535 + cap_clear(new->cap_effective);
541 536 bprm->cap_effective = effective;
542 537  
543 538 /*