diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2020-05-27 22:37:33 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2020-05-27 22:37:33 -0500 |
commit | e32f8879019535b899bc3d51f371e17526f208d1 (patch) | |
tree | 5e3799680245c5b768572408a4207355680c374b | |
parent | 011593480d2931392bc167f7a20c82a6c34114fd (diff) | |
parent | a4ae32c71fe90794127b32d26d7ad795813b502e (diff) | |
download | linux-e32f8879019535b899bc3d51f371e17526f208d1.tar.gz linux-e32f8879019535b899bc3d51f371e17526f208d1.tar.bz2 linux-e32f8879019535b899bc3d51f371e17526f208d1.zip |
Merge commit a4ae32c71fe9 ("exec: Always set cap_ambient in cap_bprm_set_creds")
This is a bug fix and one of two places where I have found that the
result of calling security_bprm_repopulate_creds more than once on
different bprm->files depends on all of the bprm->files not just the
file bprm->file.
I intend to fix both of those cases and then modify the code to
only call security_bprm_repopulate_creds on the final bprm file.
So merge this change in so I hopefully reduce conflicts for others
and I make it possible to build on top of this change.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-rw-r--r-- | security/commoncap.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 045b5b80ea40..77b04cb6feac 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -812,6 +812,7 @@ int cap_bprm_repopulate_creds(struct linux_binprm *bprm) int ret; kuid_t root_uid; + new->cap_ambient = old->cap_ambient; if (WARN_ON(!cap_ambient_invariant_ok(old))) return -EPERM; |