dummy_capget

Previous message: Bryce: "How long are you going to wait for a better deal"
Next in thread: Stephen Smalley: "Re: dummy_capget"
Reply: Stephen Smalley: "Re: dummy_capget"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

purnaat_private

Hi,

Maybe, this was an old topic. I have tried to dig up
LKML and LSM archives, but haven't yet find yet the answer.

Can anybody explain why dummy_capget LSM 2.4 was changed
after the ChangeSet 1.376.1.3 2003/01/03 14:33:28 sdsat_private?
(see below)

Does the changes really matter in Linux 2.4?

Thank you,
Purna

---
BEFORE:

static int dummy_capget (struct task_struct *target, kernel_cap_t * effective,
                         kernel_cap_t * inheritable, kernel_cap_t * permitted)
{
        return 0;
}

AFTER:

static int dummy_capget (struct task_struct *target, kernel_cap_t * effective,
                         kernel_cap_t * inheritable, kernel_cap_t * permitted)
{
        *effective = *inheritable = *permitted = 0;
        if (!issecure(SECURE_NOROOT)) {
                if (target->euid == 0) {
                        *permitted |= (~0 & ~CAP_FS_MASK);
                        *effective |= (~0 & ~CAP_TO_MASK(CAP_SETPCAP) & ~CAP_FS_MASK);
                }
                if (target->fsuid == 0) {
                        *permitted |= CAP_FS_MASK;
                        *effective |= CAP_FS_MASK;
                }
        }
        return 0;
}
---

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module