diff options
| author | Kees Cook <keescook@chromium.org> | 2014-05-21 15:23:46 -0700 |
|---|---|---|
| committer | Daniel Rosenberg <drosen@google.com> | 2015-01-12 16:49:26 -0800 |
| commit | d221244a7b63df4cf6d9d7c0643d87f3785739e3 (patch) | |
| tree | 8bdd83cf6c835bfaa2101febcef3efe97d8c88c7 /kernel | |
| parent | 84ec5f6424fe726e7c0feb51d668d6419c01196f (diff) | |
sched: move no_new_privs into new atomic flags
Since seccomp transitions between threads requires updates to the
no_new_privs flag to be atomic, the flag must be part of an atomic flag
set. This moves the nnp flag into a separate task field, and introduces
accessors.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Conflicts:
kernel/sys.c
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/seccomp.c | 2 | ||||
| -rw-r--r-- | kernel/sys.c | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index d4b61b967423..5390739066a6 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -264,7 +264,7 @@ static long seccomp_attach_filter(struct sock_fprog *fprog) * This avoids scenarios where unprivileged tasks can affect the * behavior of privileged children. */ - if (!current->no_new_privs && + if (!task_no_new_privs(current) && security_capable_noaudit(current_cred(), current_user_ns(), CAP_SYS_ADMIN) != 0) return -EACCES; diff --git a/kernel/sys.c b/kernel/sys.c index 62509f1738c2..acbbe7f58f2d 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2161,12 +2161,12 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, if (arg2 != 1 || arg3 || arg4 || arg5) return -EINVAL; - current->no_new_privs = 1; + task_set_no_new_privs(current); break; case PR_GET_NO_NEW_PRIVS: if (arg2 || arg3 || arg4 || arg5) return -EINVAL; - return current->no_new_privs ? 1 : 0; + return task_no_new_privs(current) ? 1 : 0; case PR_SET_VMA: error = prctl_set_vma(arg2, arg3, arg4, arg5); break; |