kernel-fxtec-pro1x/security
David Howells 1cdcbec1a3 CRED: Neuter sys_capset()
Take away the ability for sys_capset() to affect processes other than current.

This means that current will not need to lock its own credentials when reading
them against interference by other processes.

This has effectively been the case for a while anyway, since:

 (1) Without LSM enabled, sys_capset() is disallowed.

 (2) With file-based capabilities, sys_capset() is neutered.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 10:39:14 +11:00
..
keys KEYS: Alter use of key instantiation link-to-keyring argument 2008-11-14 10:39:14 +11:00
selinux CRED: Neuter sys_capset() 2008-11-14 10:39:14 +11:00
smack Merge branch 'master' of git://git.infradead.org/users/pcmoore/lblnet-2.6_next into next 2008-10-11 09:26:14 +11:00
capability.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
commoncap.c CRED: Neuter sys_capset() 2008-11-14 10:39:14 +11:00
device_cgroup.c devcgroup: remove spin_lock() 2008-10-20 08:52:38 -07:00
inode.c integrity: special fs magic 2008-10-13 09:47:43 +11:00
Kconfig securityfs: do not depend on CONFIG_SECURITY 2008-08-28 10:47:42 +10:00
Makefile securityfs: do not depend on CONFIG_SECURITY 2008-08-28 10:47:42 +10:00
root_plug.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
security.c CRED: Neuter sys_capset() 2008-11-14 10:39:14 +11:00