diff options
| author |   Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 12:16:05 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 12:16:05 -0700 |
| commit | e55f0c439a2681a3c299bedd99ebe998049fa508 (patch) | |
| tree | feae835d9fa5ff28c274ac110c0e73055786798c /security | |
| parent | Merge tag 'fs.idmapped.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux (diff) | |
| parent | set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds (diff) | |
| download | wireguard-linux-e55f0c439a2681a3c299bedd99ebe998049fa508.tar.xz wireguard-linux-e55f0c439a2681a3c299bedd99ebe998049fa508.zip | |
Merge tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
Pull set_user() update from Christian Brauner:
"This contains a single fix to set_user() which aligns permission
checks with the corresponding fork() codepath. No one involved in this
could come up with a reason for the difference.
A capable caller can already circumvent the check when they fork where
the permission checks are already for the relevant capabilities in
addition to also allowing to exceed nproc when it is the init user.
So apply the same logic to set_user()"
* tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions