tomoyo: add missing call to cap_bprm_set_creds

cap_bprm_set_creds() has to be called from security_bprm_set_creds(). TOMOYO forgot to call cap_bprm_set_creds() from tomoyo_bprm_set_creds() and suid executables were not being working. Make sure we call cap_bprm_set_creds() with TOMOYO, to set credentials properly inside tomoyo_bprm_set_creds(). Signed-off-by: N Herton Ronaldo Krzesinski <herton@mandriva.com.br> Acked-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: N James Morris <jmorris@namei.org>

tomoyo: add missing call to cap_bprm_set_creds
cap_bprm_set_creds() has to be called from security_bprm_set_creds(). TOMOYO forgot to call cap_bprm_set_creds() from tomoyo_bprm_set_creds() and suid executables were not being working. Make sure we call cap_bprm_set_creds() with TOMOYO, to set credentials properly inside tomoyo_bprm_set_creds(). Signed-off-by: N Herton Ronaldo Krzesinski <herton@mandriva.com.br> Acked-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: N James Morris <jmorris@namei.org>
b1338d19 · Herton Ronaldo Krzesinski · James Morris · e2a1b9ee · b1338d19
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

security/tomoyo/tomoyo.c security/tomoyo/tomoyo.c +6 -0

未找到文件。
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,

 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 {
+	int rc;
+
+	rc = cap_bprm_set_creds(bprm);
+	if (rc)
+		return rc;
+
 	/*
 	 * Do only if this function is called for the first time of an execve
 	 * operation.