linux-hardened/security
Andrew G. Morgan 8cdbc2b982 capabilities: add (back) dummy support for KEEPCAPS
The dummy module is used by folk that run security conscious code(!?).  A
feature of such code (for example, dhclient) is that it tries to operate
with minimum privilege (dropping unneeded capabilities).  While the dummy
module doesn't restrict code execution based on capability state, the user
code expects the kernel to appear to support it.  This patch adds back
faked support for the PR_SET_KEEPCAPS etc., calls - making the kernel
behave as before 2.6.26.

For details see: http://bugzilla.kernel.org/show_bug.cgi?id=10748

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12 18:05:40 -07:00
..
keys keys: remove unused key_alloc_sem 2008-06-06 11:29:11 -07:00
selinux [PATCH] split linux/file.h 2008-05-01 13:08:16 -04:00
smack Smack: fuse mount hang fix 2008-06-04 08:50:43 -07:00
capability.c capabilities: implement per-process securebits 2008-04-28 08:58:26 -07:00
commoncap.c xattr: add missing consts to function arguments 2008-04-29 08:06:06 -07:00
device_cgroup.c devscgroup: make white list more compact in some cases 2008-06-06 11:29:11 -07:00
dummy.c capabilities: add (back) dummy support for KEEPCAPS 2008-06-12 18:05:40 -07:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: enhance DEFAULT_MMAP_MIN_ADDR description 2008-04-18 20:26:18 +10:00
Makefile cgroups: implement device whitelist 2008-04-29 08:06:09 -07:00
root_plug.c root_plug: use cap_task_prctl 2008-04-28 08:58:27 -07:00
security.c Security: Make secctx_to_secid() take const secdata 2008-04-30 08:23:51 +10:00