acrn-kernel/security
Serge E. Hallyn 91ad997a34 file capabilities: allow sigcont within session
Fix http://bugzilla.kernel.org/show_bug.cgi?id=9247

Allow sigcont to be sent to a process with greater capabilities if it is in
the same session.  Otherwise, a shell from which I've started a root shell
and done 'suspend' can't be restarted by the parent shell.

Also don't do file-capabilities signaling checks when uids for the
processes don't match, since the standard check_kill_permission will have
done those checks.

[akpm@linux-foundation.org: coding-style cleanups]
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Andrew Morgan <morgan@kernel.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Tested-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-11-14 18:45:44 -08:00
..
keys KEYS: Make request_key() and co fundamentally asynchronous 2007-10-17 08:42:57 -07:00
selinux SELinux: add more validity checks on policy load 2007-11-08 08:56:23 +11:00
Kconfig Implement file posix capabilities 2007-10-17 08:43:07 -07:00
Makefile
capability.c Implement file posix capabilities 2007-10-17 08:43:07 -07:00
commoncap.c file capabilities: allow sigcont within session 2007-11-14 18:45:44 -08:00
dummy.c V3 file capabilities: alter behavior of cap_setpcap 2007-10-18 14:37:24 -07:00
inode.c security/ cleanups 2007-10-17 08:43:07 -07:00
root_plug.c security: Convert LSM into a static interface 2007-10-17 08:43:07 -07:00
security.c security/ cleanups 2007-10-17 08:43:07 -07:00