Merge commit a4ae32c7 ("exec: Always set cap_ambient in cap_bprm_set_creds")

This is a bug fix and one of two places where I have found that the result of calling security_bprm_repopulate_creds more than once on different bprm->files depends on all of the bprm->files not just the file bprm->file. I intend to fix both of those cases and then modify the code to only call security_bprm_repopulate_creds on the final bprm file. So merge this change in so I hopefully reduce conflicts for others and I make it possible to build on top of this change. Signed-off-by: N "Eric W. Biederman" <ebiederm@xmission.com>

Merge commit a4ae32c7 ("exec: Always set cap_ambient in cap_bprm_set_creds")
This is a bug fix and one of two places where I have found that the result of calling security_bprm_repopulate_creds more than once on different bprm->files depends on all of the bprm->files not just the file bprm->file. I intend to fix both of those cases and then modify the code to only call security_bprm_repopulate_creds on the final bprm file. So merge this change in so I hopefully reduce conflicts for others and I make it possible to build on top of this change. Signed-off-by: N "Eric W. Biederman" <ebiederm@xmission.com>
e32f8879 · Eric W. Biederman · 01159348 · a4ae32c7 · e32f8879
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

security/commoncap.c security/commoncap.c +1 -0

未找到文件。
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -812,6 +812,7 @@ int cap_bprm_repopulate_creds(struct linux_binprm *bprm)
 	int ret;
 	kuid_t root_uid;

+	new->cap_ambient = old->cap_ambient;
 	if (WARN_ON(!cap_ambient_invariant_ok(old)))
 		return -EPERM;