summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2017-01-23 05:26:31 +0100
committerEric W. Biederman <ebiederm@xmission.com>2017-01-24 00:03:08 +0100
commit9227dd2a84a765fcfef1677ff17de0958b192eda (patch)
tree8dc953fa3145922b6db30c8ebf9f34ff018bde5b /security
parentexec: Test the ptracer's saved cred to see if the tracee can gain caps (diff)
downloadlinux-9227dd2a84a765fcfef1677ff17de0958b192eda.tar.xz
linux-9227dd2a84a765fcfef1677ff17de0958b192eda.zip
exec: Remove LSM_UNSAFE_PTRACE_CAP
With previous changes every location that tests for LSM_UNSAFE_PTRACE_CAP also tests for LSM_UNSAFE_PTRACE making the LSM_UNSAFE_PTRACE_CAP redundant, so remove it. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/domain.c2
-rw-r--r--security/commoncap.c2
-rw-r--r--security/selinux/hooks.c3
-rw-r--r--security/smack/smack_lsm.c2
4 files changed, 4 insertions, 5 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index a4d90aa1045a..04185b7fd38a 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -469,7 +469,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
;
}
- if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
+ if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
error = may_change_ptraced_domain(new_profile);
if (error)
goto audit;
diff --git a/security/commoncap.c b/security/commoncap.c
index cbb203c91406..8ec6b7fe909e 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -548,7 +548,7 @@ skip:
if ((is_setid ||
!cap_issubset(new->cap_permitted, old->cap_permitted)) &&
- ((bprm->unsafe & ~(LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) ||
+ ((bprm->unsafe & ~LSM_UNSAFE_PTRACE) ||
!ptracer_capable(current, new->user_ns))) {
/* downgrade; they get no more than they had, and maybe less */
if (!ns_capable(new->user_ns, CAP_SETUID) ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c7c6619431d5..cece6fe55f02 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2404,8 +2404,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
/* Make sure that anyone attempting to ptrace over a task that
* changes its SID has the appropriate permit */
- if (bprm->unsafe &
- (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
+ if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
u32 ptsid = ptrace_parent_sid(current);
if (ptsid != 0) {
rc = avc_has_perm(ptsid, new_tsec->sid,
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 94dc9d406ce3..bc2ff09f1494 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -934,7 +934,7 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
isp->smk_task != sbsp->smk_root)
return 0;
- if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
+ if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
struct task_struct *tracer;
rc = 0;