projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISE
[firefly-linux-kernel-4.4.55.git] / security / commoncap.c
diff --git a/security/commoncap.c b/security/commoncap.c
index 1f74dde1063e5a3c37da328ee8e8f8490f8aa1ef..1832cf701c3d6d44d90adeb278bd04bca489d274 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -993,7 +993,8 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                        if (arg2 == PR_CAP_AMBIENT_RAISE &&
                            (!cap_raised(current_cred()->cap_permitted, arg3) ||
                             !cap_raised(current_cred()->cap_inheritable,
-                                        arg3)))
+                                        arg3) ||
+                            issecure(SECURE_NO_CAP_AMBIENT_RAISE)))
                                return -EPERM;
 
                        new = prepare_creds();
Unnamed repository; edit this file 'description' to name the repository.