]> Git Repo - linux.git/blobdiff - security/apparmor/domain.c
projects / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
[linux.git] / security / apparmor / domain.c
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 6327685c101e49cc720553c9db9f02da3fed1d24..18c88d06e88141f7bc71bf8f01dbf6b923b5f120 100644 (file)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -360,6 +360,10 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
        if (bprm->cred_prepared)
                return 0;
 
+       /* XXX: no_new_privs is not usable with AppArmor yet */
+       if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
+               return -EPERM;
+
        cxt = bprm->cred->security;
        BUG_ON(!cxt);
 
Empty description
This page took 0.033128 seconds and 4 git commands to generate.