Merge tag 'v4.1.39' into toradex_vf_4.1-nexttoradex_vf_4.1

Linux 4.1.39
author: Stefan Agner <stefan@agner.ch> 2017-03-14 13:59:28 -0700
committer: Max Krummenacher <max.krummenacher@toradex.com> 2017-03-15 18:35:51 +0100
commit: 39ac0033f2345ce7b5d8ca4439192407dacb2355 (patch)
tree: 51dc588baa63d31bc406388885f62c1cae068fa3 /kernel/capability.c
parent: 13f2767f31803754aa883f298737aff866f04628 (diff)
parent: d9e0350d2575a20ee7783427da9bd6b6107eb983 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index 45432b54d5c6..022df097a6bc 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -447,3 +447,23 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
 		kgid_has_mapping(ns, inode->i_gid);
 }
 EXPORT_SYMBOL(capable_wrt_inode_uidgid);
+
+/**
+ * ptracer_capable - Determine if the ptracer holds CAP_SYS_PTRACE in the namespace
+ * @tsk: The task that may be ptraced
+ * @ns: The user namespace to search for CAP_SYS_PTRACE in
+ *
+ * Return true if the task that is ptracing the current task had CAP_SYS_PTRACE
+ * in the specified user namespace.
+ */
+bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns)
+{
+	int ret = 0;  /* An absent tracer adds no restrictions */
+	const struct cred *cred;
+	rcu_read_lock();
+	cred = rcu_dereference(tsk->ptracer_cred);
+	if (cred)
+		ret = security_capable_noaudit(cred, ns, CAP_SYS_PTRACE);
+	rcu_read_unlock();
+	return (ret == 0);
+}
author	Stefan Agner <stefan@agner.ch>	2017-03-14 13:59:28 -0700
committer	Max Krummenacher <max.krummenacher@toradex.com>	2017-03-15 18:35:51 +0100
commit	39ac0033f2345ce7b5d8ca4439192407dacb2355 (patch)
tree	51dc588baa63d31bc406388885f62c1cae068fa3 /kernel/capability.c
parent	13f2767f31803754aa883f298737aff866f04628 (diff)
parent	d9e0350d2575a20ee7783427da9bd6b6107eb983 (diff)