summaryrefslogtreecommitdiffstats
path: root/security/smack/smack_lsm.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-14 10:39:14 +1100
committerJames Morris <jmorris@namei.org>2008-11-14 10:39:14 +1100
commit1cdcbec1a3372c0c49c59d292e708fd07b509f18 (patch)
treed1bd302c8d66862da45b494cbc766fb4caa5e23e /security/smack/smack_lsm.c
parent8bbf4976b59fc9fc2861e79cab7beb3f6d647640 (diff)
downloadlinux-1cdcbec1a3372c0c49c59d292e708fd07b509f18.tar.gz
linux-1cdcbec1a3372c0c49c59d292e708fd07b509f18.tar.bz2
linux-1cdcbec1a3372c0c49c59d292e708fd07b509f18.zip
CRED: Neuter sys_capset()
Take away the ability for sys_capset() to affect processes other than current. This means that current will not need to lock its own credentials when reading them against interference by other processes. This has effectively been the case for a while anyway, since: (1) Without LSM enabled, sys_capset() is disallowed. (2) With file-based capabilities, sys_capset() is neutered. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: Andrew G. Morgan <morgan@kernel.org> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/smack/smack_lsm.c')
0 files changed, 0 insertions, 0 deletions