On Mon, Jul 31, 2017 at 4:51 PM, Kees Cook <[email protected]> wrote: > Instead of a separate function, open-code the cap_elevated test, which > lets us entirely remove bprm->cap_effective (to use the local "effective" > variable instead), and more accurately examine euid/egid changes via the > existing local "is_setid". > > The following LTP tests were run to validate the changes: > > # ./runltp -f syscalls -s cap > # ./runltp -f securebits > # ./runltp -f cap_bounds > # ./runltp -f filecaps > > All kernel selftests for capabilities and exec continue to pass as well. > > Cc: Andy Lutomirski <[email protected]> > Signed-off-by: Kees Cook <[email protected]> > Reviewed-by: James Morris <[email protected]> > Acked-by: Serge Hallyn <[email protected]>
Reviewed-by: Andy Lutomirski <[email protected]>
