diff options
author | Stefan Agner <stefan@agner.ch> | 2017-03-14 13:59:28 -0700 |
---|---|---|
committer | Max Krummenacher <max.krummenacher@toradex.com> | 2017-03-15 18:35:51 +0100 |
commit | 39ac0033f2345ce7b5d8ca4439192407dacb2355 (patch) | |
tree | 51dc588baa63d31bc406388885f62c1cae068fa3 /kernel/capability.c | |
parent | 13f2767f31803754aa883f298737aff866f04628 (diff) | |
parent | d9e0350d2575a20ee7783427da9bd6b6107eb983 (diff) |
Merge tag 'v4.1.39' into toradex_vf_4.1-nexttoradex_vf_4.1
Linux 4.1.39
Diffstat (limited to 'kernel/capability.c')
-rw-r--r-- | kernel/capability.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 45432b54d5c6..022df097a6bc 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -447,3 +447,23 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) kgid_has_mapping(ns, inode->i_gid); } EXPORT_SYMBOL(capable_wrt_inode_uidgid); + +/** + * ptracer_capable - Determine if the ptracer holds CAP_SYS_PTRACE in the namespace + * @tsk: The task that may be ptraced + * @ns: The user namespace to search for CAP_SYS_PTRACE in + * + * Return true if the task that is ptracing the current task had CAP_SYS_PTRACE + * in the specified user namespace. + */ +bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns) +{ + int ret = 0; /* An absent tracer adds no restrictions */ + const struct cred *cred; + rcu_read_lock(); + cred = rcu_dereference(tsk->ptracer_cred); + if (cred) + ret = security_capable_noaudit(cred, ns, CAP_SYS_PTRACE); + rcu_read_unlock(); + return (ret == 0); +} |