• Eric W. Biederman's avatar
    exec: Test the ptracer's saved cred to see if the tracee can gain caps · 20523132
    Eric W. Biederman authored
    Now that we have user namespaces and non-global capabilities verify
    the tracer has capabilities in the relevant user namespace instead
    of in the current_user_ns().
    
    As the test for setting LSM_UNSAFE_PTRACE_CAP is currently
    ptracer_capable(p, current_user_ns()) and the new task credentials are
    in current_user_ns() this change does not have any user visible change
    and simply moves the test to where it is used, making the code easier
    to read.
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    20523132
commoncap.c 31.5 KB