security: filesystem capabilities: fix CAP_SETPCAP handling
[linux-2.6.git] / security / commoncap.c
index 5edabc7542ae00c46e568456285f9bf5f369f2e6..33d34330841344f7329e1b1f313cc531c65aa7a9 100644 (file)
@@ -103,10 +103,16 @@ static inline int cap_inh_is_capped(void)
        return (cap_capable(current, CAP_SETPCAP) != 0);
 }
 
+static inline int cap_limit_ptraced_target(void) { return 1; }
+
 #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */
 
 static inline int cap_block_setpcap(struct task_struct *t) { return 0; }
 static inline int cap_inh_is_capped(void) { return 1; }
+static inline int cap_limit_ptraced_target(void)
+{
+       return !capable(CAP_SETPCAP);
+}
 
 #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */
 
@@ -342,9 +348,10 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
                                bprm->e_uid = current->uid;
                                bprm->e_gid = current->gid;
                        }
-                       if (!capable (CAP_SETPCAP)) {
-                               new_permitted = cap_intersect (new_permitted,
-                                                       current->cap_permitted);
+                       if (cap_limit_ptraced_target()) {
+                               new_permitted =
+                                       cap_intersect(new_permitted,
+                                                     current->cap_permitted);
                        }
                }
        }