[Devel] Re: [PATCH RFC] capabilities: introduce per-process capability bounding set
Andrew Morgan
morgan at kernel.org
Wed Sep 19 21:16:58 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Serge E. Hallyn wrote:
> + case PR_GET_CAPBSET:
> + error = put_user(current->cap_bset, (unsigned long __user *)arg2);
> + break;
> + case PR_SET_CAPBSET:
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
> + if (!cap_issubset(arg2, current->cap_bset))
> + return -EINVAL;
> + current->cap_bset = arg2;
> + break;
You need to pass the capability magic value in both get and set
directions... Otherwise, you'll not be able to tell what vintage of
cap_bset you are manipulating.
Cheers
Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFG8fQ0QheEq9QabfIRApzJAKCUSxj72X4F++kNGy29oO6FE/OGAgCeIrBw
dzyfE/XF2Fl71WQvIwu/E9s=
=hkFZ
-----END PGP SIGNATURE-----
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list