Re: [PATCH] Realtime LSM

[Chris Wright]

relative to last one.

--- security/realtime.c~module_param	2004-10-08 15:03:41.000000000 -0700
+++ security/realtime.c	2004-10-08 15:18:40.627410864 -0700
@@ -84,12 +84,8 @@
 
 int realtime_bprm_set_security(struct linux_binprm *bprm)
 {
-	/* Copied from security/commoncap.c: cap_bprm_set_security()... */
-	/* Copied from fs/exec.c:prepare_binprm. */
-	/* We don't have VFS support for capabilities yet */
-	cap_clear(bprm->cap_inheritable);
-	cap_clear(bprm->cap_permitted);
-	cap_clear(bprm->cap_effective);
+
+	cap_bprm_set_security(bprm);
 
 	/*  If a non-zero `any' parameter was specified, we grant
 	 *  realtime privileges to every process.  If the `gid'
@@ -104,28 +100,10 @@
 		if (mlock) {
 			cap_raise(bprm->cap_effective, CAP_IPC_LOCK);
 			cap_raise(bprm->cap_permitted, CAP_IPC_LOCK);
-			cap_raise(bprm->cap_effective,
-				  CAP_SYS_RESOURCE);
-			cap_raise(bprm->cap_permitted,
-				  CAP_SYS_RESOURCE);
+			cap_raise(bprm->cap_effective, CAP_SYS_RESOURCE);
+			cap_raise(bprm->cap_permitted, CAP_SYS_RESOURCE);
 		}
 	}
-
-	/*  To support inheritance of root-permissions and suid-root
-	 *  executables under compatibility mode, we raise all three
-	 *  capability sets for the file.
-	 *
-	 *  If only the real uid is 0, we only raise the inheritable
-	 *  and permitted sets of the executable file.
-	 */
-
-	if (bprm->e_uid == 0 || current->uid == 0) {
-		cap_set_full(bprm->cap_inheritable);
-		cap_set_full(bprm->cap_permitted);
-	}
-	if (bprm->e_uid == 0)
-		cap_set_full(bprm->cap_effective);
-
 	return 0;
 }
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/