From: Andrew G. Morgan <morgan@kernel.org>
Date: Fri, 4 Jul 2008 16:59:59 +0000 (-0700)
Subject: security: filesystem capabilities: fix CAP_SETPCAP handling
X-Git-Tag: v2.6.26-rc9~22
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1209726ce942047c9fefe7cd427dc36f8e9ded53;p=pandora-kernel.git

security: filesystem capabilities: fix CAP_SETPCAP handling

The filesystem capability support meaning for CAP_SETPCAP is less powerful
than the non-filesystem capability support.  As such, when filesystem
capabilities are configured, we should not permit CAP_SETPCAP to 'enhance'
the current process through strace manipulation of a child process.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

Reading git-diff-tree failed