diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-05-20 08:55:50 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-05-20 08:55:50 -0700 |
| commit | 96b5b7f4f2d59b37c1fc2fba1ae25999accd6dcd (patch) | |
| tree | cda421c6cd7533940b35504660a05a366a3ece0c /security/commoncap.c | |
| parent | f72caf7e496465182eeda842ac66a5e75404ddf1 (diff) | |
| parent | 539c99fd7fc28f8db257c713c10fb4aceadf8887 (diff) | |
| download | blackbird-op-linux-96b5b7f4f2d59b37c1fc2fba1ae25999accd6dcd.tar.gz blackbird-op-linux-96b5b7f4f2d59b37c1fc2fba1ae25999accd6dcd.zip | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (61 commits)
KEYS: Return more accurate error codes
LSM: Add __init to fixup function.
TOMOYO: Add pathname grouping support.
ima: remove ACPI dependency
TPM: ACPI/PNP dependency removal
security/selinux/ss: Use kstrdup
TOMOYO: Use stack memory for pending entry.
Revert "ima: remove ACPI dependency"
Revert "TPM: ACPI/PNP dependency removal"
KEYS: Do preallocation for __key_link()
TOMOYO: Use mutex_lock_interruptible.
KEYS: Better handling of errors from construct_alloc_key()
KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links
TOMOYO: Use GFP_NOFS rather than GFP_KERNEL.
ima: remove ACPI dependency
TPM: ACPI/PNP dependency removal
selinux: generalize disabling of execmem for plt-in-heap archs
LSM Audit: rename LSM_AUDIT_NO_AUDIT to LSM_AUDIT_DATA_NONE
CRED: Holding a spinlock does not imply the holding of RCU read lock
SMACK: Don't #include Ext2 headers
...
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 61669730da98..4e015996dd4d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -570,7 +570,7 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, } if (!strncmp(name, XATTR_SECURITY_PREFIX, - sizeof(XATTR_SECURITY_PREFIX) - 1) && + sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM; return 0; @@ -596,7 +596,7 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name) } if (!strncmp(name, XATTR_SECURITY_PREFIX, - sizeof(XATTR_SECURITY_PREFIX) - 1) && + sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM; return 0; @@ -931,7 +931,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) * @addr: address attempting to be mapped * @addr_only: unused * - * If the process is attempting to map memory below mmap_min_addr they need + * If the process is attempting to map memory below dac_mmap_min_addr they need * CAP_SYS_RAWIO. The other parameters to this function are unused by the * capability security module. Returns 0 if this mapping should be allowed * -EPERM if not. |
