authorDoug Ledford <dledford@redhat.com>2015-09-25 10:46:07 -0400
committerDoug Ledford <dledford@redhat.com>2015-09-25 10:46:07 -0400
commit310b7cec8ea32dcd4e9978423717ce78dd89d45d (patch)
treeed7de6ce3c25829d0e7de10d0db9b83c725ee327 /include/linux/cred.h
parentIB/hfi: Properly set permissions for user device files (diff)
parentLinux 4.3-rc2 (diff)
Merge tag 'v4.3-rc2' into k.o/for-4.3-v1
Linux 4.3-rc2
Diffstat (limited to 'include/linux/cred.h')
-rw-r--r--include/linux/cred.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 8b6c083e68a7..8d70e1361ecd 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -137,6 +137,7 @@ struct cred {
kernel_cap_t cap_permitted; /* caps we're permitted */
kernel_cap_t cap_effective; /* caps we can actually use */
kernel_cap_t cap_bset; /* capability bounding set */
+ kernel_cap_t cap_ambient; /* Ambient capability set */
#ifdef CONFIG_KEYS
unsigned char jit_keyring; /* default keyring to attach requested
* keys to */
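Review bot: The comment on the new `cap_ambient` field names the set but not the constraint that keeps it safe, and its capitalisation differs from the three capability fields above it. The second hunk in this file defines that constraint (ambient must be a subset of permitted and inheritable), so the field comment could state it: `kernel_cap_t cap_ambient; /* ambient caps; subset of permitted & inheritable */`. struct cred begins and ends outside the hunk, so whether every path that builds a fresh cred initialises this field cannot be checked from here.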
@@ -212,6 +213,13 @@ static inline void validate_process_creds(void)
}
#endif
+static inline bool cap_ambient_invariant_ok(const struct cred *cred)
+{
+ return cap_issubset(cred->cap_ambient,
+ cap_intersect(cred->cap_permitted,
+ cred->cap_inheritable));
+}
+
/**
* get_new_cred - Get a reference on a new set of credentials
* @cred: The new credentials to reference
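Review bot: `cap_ambient_invariant_ok()` has no comment, and nothing in the hunk says that it only reports a violated invariant rather than preventing one. A comment above it would make the contract explicit, for example `/* True if cap_ambient is within cap_permitted & cap_inheritable. Check-only: code that removes bits from either set must clear them from cap_ambient too. */`. Which call sites assert this after changing credentials is not visible in this file, so that should be confirmed against the rest of the change.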