Make sure we call cap_bprm_set_creds with tomoyo, to set credentials properly inside tomoyo_bprm_set_creds
Signed-off-by: Herton Ronaldo Krzesinski <[email protected]> --- security/tomoyo/tomoyo.c | 6 ++++++ 1 file changed, 6 insertions(+) Hi, I noted that in a boot with 2.6.30-rc7 with tomoyo enabled, testing on a system without ccs-tools installed (thus tomoyo enabled but not used*), some suid executables were not being working (for example, su - was not working anymore with tomoyo enabled); I traced it to tomoyo not calling cap_bprm_set_creds, please review and send as 2.6.30 bugfix, thanks. *didn't test yet if with ccs-tools installed the bug doesn't happen, thus my note diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 5b48191..e42be5c 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) { + int rc; + + rc = cap_bprm_set_creds(bprm); + if (rc) + return rc; + /* * Do only if this function is called for the first time of an execve * operation. _______________________________________________ tomoyo-users-en mailing list [email protected] http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
