Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security

* 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: capabilities: remove __cap_full_set definition security: remove the security_netlink_recv hook as it is equivalent to capable() ptrace: do not audit capability check when outputing /proc/pid/stat capabilities: remove task_ns_* functions capabitlies: ns_capable can use the cap helpers rather than lsm call capabilities: style only - move capable below ns_capable capabilites: introduce new has_ns_capabilities_noaudit capabilities: call has_ns_capability from has_capability capabilities: remove all _real_ interfaces capabilities: introduce security_capable_noaudit capabilities: reverse arguments to security_capable capabilities: remove the task from capable LSM hook entirely selinux: sparse fix: fix several warnings in the security server cod selinux: sparse fix: fix warnings in netlink code selinux: sparse fix: eliminate warnings for selinuxfs selinux: sparse fix: declare selinux_disable() in security.h selinux: sparse fix: move selinux_complete_init selinux: sparse fix: make selinux_secmark_refcount static SELinux: Fix RCU deref check warning in sel_netport_insert() Manually fix up a semantic mis-merge wrt security_netlink_recv(): - the interface was removed in commit fd7784615248 ("security: remove the security_netlink_recv hook as it is equivalent to capable()") - a new user of it appeared in commit a38f7907b926 ("crypto: Add userspace configuration API") causing no automatic merge conflict, but Eric Paris pointed out the issue.
author: Linus Torvalds 2012-01-15 03:36:33 +0100
committer: Linus Torvalds 2012-01-15 03:36:33 +0100
commit: c49c41a4134679cecb77362e7f6b59acb6320aa7 (patch)
tree: 45e690c036ca5846a48c8be67945d1d841b2d96d /kernel/sched
parent: Merge tag 'kmemleak' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarina... (diff)
parent: capabilities: remove __cap_full_set definition (diff)
download: kernel-qcow2-linux-c49c41a4134679cecb77362e7f6b59acb6320aa7.tar.gz
kernel-qcow2-linux-c49c41a4134679cecb77362e7f6b59acb6320aa7.tar.xz
kernel-qcow2-linux-c49c41a4134679cecb77362e7f6b59acb6320aa7.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index fd7b25e90079..df00cb09263e 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4330,7 +4330,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
 		goto out_free_cpus_allowed;
 	}
 	retval = -EPERM;
-	if (!check_same_owner(p) && !task_ns_capable(p, CAP_SYS_NICE))
+	if (!check_same_owner(p) && !ns_capable(task_user_ns(p), CAP_SYS_NICE))
 		goto out_unlock;
 
 	retval = security_task_setscheduler(p);
author	Linus Torvalds	2012-01-15 03:36:33 +0100
committer	Linus Torvalds	2012-01-15 03:36:33 +0100
commit	c49c41a4134679cecb77362e7f6b59acb6320aa7 (patch)
tree	45e690c036ca5846a48c8be67945d1d841b2d96d /kernel/sched
parent	Merge tag 'kmemleak' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarina... (diff)
parent	capabilities: remove __cap_full_set definition (diff)
download	kernel-qcow2-linux-c49c41a4134679cecb77362e7f6b59acb6320aa7.tar.gz kernel-qcow2-linux-c49c41a4134679cecb77362e7f6b59acb6320aa7.tar.xz kernel-qcow2-linux-c49c41a4134679cecb77362e7f6b59acb6320aa7.zip