Merge tag 'safesetid-5.10' of git://github.com/micah-morton/linux

Pull SafeSetID updates from Micah Morton: "The changes are mostly contained to within the SafeSetID LSM, with the exception of a few 1-line changes to change some ns_capable() calls to ns_capable_setid() -- causing a flag (CAP_OPT_INSETID) to be set that is examined by SafeSetID code and nothing else in the kernel. The changes to SafeSetID internally allow for setting up GID transition security policies, as already existed for UIDs" * tag 'safesetid-5.10' of git://github.com/micah-morton/linux: LSM: SafeSetID: Fix warnings reported by test bot LSM: SafeSetID: Add GID security policy handling LSM: Signal to SafeSetID when setting group IDs
author: Linus Torvalds <torvalds@linux-foundation.org> 2020-10-25 10:45:26 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2020-10-25 10:45:26 -0700
commit: 81ecf91eab1045c009b5d73408c44033ba86bb4d (patch)
tree: d06fd8687b590bc5814dea1e28dbf39944c91a90 /kernel/groups.c
parent: 91f28da8c9a054286d6917ce191349455c479478 (diff)
parent: 03ca0ec138927b16fab0dad7b869f42eb2849c94 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/groups.c b/kernel/groups.c
index 6ee6691f6839..fe7e6385530e 100644
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -178,7 +178,7 @@ bool may_setgroups(void)
 {
 	struct user_namespace *user_ns = current_user_ns();
 
-	return ns_capable(user_ns, CAP_SETGID) &&
+	return ns_capable_setid(user_ns, CAP_SETGID) &&
 		userns_may_setgroups(user_ns);
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2020-10-25 10:45:26 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2020-10-25 10:45:26 -0700
commit	81ecf91eab1045c009b5d73408c44033ba86bb4d (patch)
tree	d06fd8687b590bc5814dea1e28dbf39944c91a90 /kernel/groups.c
parent	91f28da8c9a054286d6917ce191349455c479478 (diff)
parent	03ca0ec138927b16fab0dad7b869f42eb2849c94 (diff)