Andrew G. Morgan 1209726ce9 security: filesystem capabilities: fix CAP_SETPCAP handling ...

The filesystem capability support meaning for CAP_SETPCAP is less powerful
than the non-filesystem capability support.  As such, when filesystem
capabilities are configured, we should not permit CAP_SETPCAP to 'enhance'
the current process through strace manipulation of a child process.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

2008-07-04 10:40:08 -07:00

..

keys

keys: remove unused key_alloc_sem

2008-06-06 11:29:11 -07:00

selinux

[PATCH] split linux/file.h

2008-05-01 13:08:16 -04:00

smack

Smack: fuse mount hang fix

2008-06-04 08:50:43 -07:00

capability.c

capabilities: implement per-process securebits

2008-04-28 08:58:26 -07:00

commoncap.c

security: filesystem capabilities: fix CAP_SETPCAP handling

2008-07-04 10:40:08 -07:00

device_cgroup.c

devscgroup: make white list more compact in some cases

2008-06-06 11:29:11 -07:00

dummy.c

capabilities: add (back) dummy support for KEEPCAPS

2008-06-12 18:05:40 -07:00

inode.c

Kobject: convert remaining kobject_unregister() to kobject_put()

2008-01-24 20:40:40 -08:00

Kconfig

security: enhance DEFAULT_MMAP_MIN_ADDR description

2008-04-18 20:26:18 +10:00

Makefile

cgroups: implement device whitelist

2008-04-29 08:06:09 -07:00

root_plug.c

root_plug: use cap_task_prctl

2008-04-28 08:58:27 -07:00

security.c

Security: Make secctx_to_secid() take const secdata

2008-04-30 08:23:51 +10:00