Re: [PATCH] properly split capset_check+capset_set

From: Alan Cox
Date: Tue Jan 04 2005 - 19:11:33 EST

Next message: Andrew McGregor: "Re: Real-time rw-locks (Re: [patch] Real-Time Preemption, -RT-2.6.10-rc2-mm3-V0.7.32-15)"
Previous message: Alan Cox: "Re: VIA IDE - dma_timer_expiry - 2.4.28"
In reply to: Stephen Smalley: "Re: [PATCH] properly split capset_check+capset_set"
Next in thread: Chris Wright: "Re: [PATCH] properly split capset_check+capset_set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Maw, 2005-01-04 at 16:27, Serge E. Hallyn wrote:
> The attached patch removes checks from kernel/capability.c which are
> redundant with cap_capset_check() code, and moves the capset_check()
> calls to immediately before the capset_set() calls. This allows
> capset_check() to accurately check the setter's permission to set caps
> on the target. Please apply.

Why does this help ?

A partial failure now returns no error ?

);
> + while_each_thread(g, target) {
> + if (!security_capset_check(target, effective,
> + inheritable,
> + permitted)) {
> + security_capset_set(target, effective,
> + inheritable,
> + permitted);
> + ret = 0;
> + }
> + found = 1;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew McGregor: "Re: Real-time rw-locks (Re: [patch] Real-Time Preemption, -RT-2.6.10-rc2-mm3-V0.7.32-15)"
Previous message: Alan Cox: "Re: VIA IDE - dma_timer_expiry - 2.4.28"
In reply to: Stephen Smalley: "Re: [PATCH] properly split capset_check+capset_set"
Next in thread: Chris Wright: "Re: [PATCH] properly split capset_check+capset_set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]