Skip to content

Commit

Permalink
tomoyo: add missing call to cap_bprm_set_creds
Browse files Browse the repository at this point in the history 
cap_bprm_set_creds() has to be called from security_bprm_set_creds().
TOMOYO forgot to call cap_bprm_set_creds() from tomoyo_bprm_set_creds()
and suid executables were not being working.

Make sure we call cap_bprm_set_creds() with TOMOYO, to set credentials
properly inside tomoyo_bprm_set_creds().

Signed-off-by: Herton Ronaldo Krzesinski <[email protected]>
Acked-by: Tetsuo Handa <[email protected]>
Signed-off-by: James Morris <[email protected]>
  • Loading branch information
Herton Ronaldo Krzesinski authored and James Morris committed May 26, 2009
1 parent e2a1b9e commit b1338d1
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions security/tomoyo/tomoyo.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,

static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
int rc;

rc = cap_bprm_set_creds(bprm);
if (rc)
return rc;

/*
* Do only if this function is called for the first time of an execve
* operation.
Expand Down

0 comments on commit b1338d1

Please sign in to comment.