projects
/
firefly-linux-kernel-4.4.55.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISE
[firefly-linux-kernel-4.4.55.git]
/
security
/
commoncap.c
diff --git
a/security/commoncap.c
b/security/commoncap.c
index 1f74dde1063e5a3c37da328ee8e8f8490f8aa1ef..1832cf701c3d6d44d90adeb278bd04bca489d274 100644
(file)
--- a/
security/commoncap.c
+++ b/
security/commoncap.c
@@
-993,7
+993,8
@@
int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
if (arg2 == PR_CAP_AMBIENT_RAISE &&
(!cap_raised(current_cred()->cap_permitted, arg3) ||
!cap_raised(current_cred()->cap_inheritable,
- arg3)))
+ arg3) ||
+ issecure(SECURE_NO_CAP_AMBIENT_RAISE)))
return -EPERM;
new = prepare_creds();