[PATCH] properly split capset_check+capset_set
The attached patch removes checks from kernel/capability.c which are redundant with cap_capset_check() code, and moves the capset_check() calls to immediately before the capset_set() calls. This allows capset_check() to accurately check the setter's permission to set caps on the target. Please apply. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Showing
Please register or sign in to comment