summaryrefslogtreecommitdiff
path: root/security/apparmor/include
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2020-03-16 20:21:12 +0300
committerEric W. Biederman <ebiederm@xmission.com>2020-05-20 22:44:21 +0300
commit87b047d2be417b271d80f5e490a825c6fd53ecad (patch)
tree9a238e1f1b56b7b999882eefaaae6d5b32bd6ea3 /security/apparmor/include
parentb127c16d0603e1f995e3d08b71d2c3100727e2c1 (diff)
downloadlinux-87b047d2be417b271d80f5e490a825c6fd53ecad.tar.xz
exec: Teach prepare_exec_creds how exec treats uids & gids
It is almost possible to use the result of prepare_exec_creds with no modifications during exec. Update prepare_exec_creds to initialize the suid and the fsuid to the euid, and the sgid and the fsgid to the egid. This is all that is needed to handle the common case of exec when nothing special like a setuid exec is happening. That this preserves the existing behavior of exec can be verified by examing bprm_fill_uid and cap_bprm_set_creds. This change makes it clear that the later parts of exec that update bprm->cred are just need to handle special cases such as setuid exec and change of domains. Link: https://lkml.kernel.org/r/871rng22dm.fsf_-_@x220.int.ebiederm.org Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security/apparmor/include')
0 files changed, 0 insertions, 0 deletions