Merge tag 'seccomp-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next

author: James Morris <james.l.morris@oracle.com> 2014-07-19 17:40:49 +1000
committer: James Morris <james.l.morris@oracle.com> 2014-07-19 17:40:49 +1000
commit: fd33c43677a7965624b46352a686a7c1e72ae4aa (patch)
tree: 10c2b8bfa4635b50d4cccd9c9453a9020a01e1a9 /fs/exec.c
parent: 2ccf4661f315615d018686d91d030a94001d0cc6 (diff)
parent: c2e1f2e30daa551db3c670c0ccfeab20a540b9e1 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/exec.c b/fs/exec.c
index a3d33fe592d6..ab1f1200ce5d 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1216,7 +1216,7 @@ EXPORT_SYMBOL(install_exec_creds);
 /*
  * determine how safe it is to execute the proposed program
  * - the caller must hold ->cred_guard_mutex to protect against
- *   PTRACE_ATTACH
+ *   PTRACE_ATTACH or seccomp thread-sync
  */
 static void check_unsafe_exec(struct linux_binprm *bprm)
 {
@@ -1234,7 +1234,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
 	 * This isn't strictly necessary, but it makes it harder for LSMs to
 	 * mess up.
 	 */
-	if (current->no_new_privs)
+	if (task_no_new_privs(current))
 		bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS;
 
 	t = p;
@@ -1272,7 +1272,7 @@ int prepare_binprm(struct linux_binprm *bprm)
 	bprm->cred->egid = current_egid();
 
 	if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
-	    !current->no_new_privs &&
+	    !task_no_new_privs(current) &&
 	    kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) &&
 	    kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) {
 		/* Set-uid? */
author	James Morris <james.l.morris@oracle.com>	2014-07-19 17:40:49 +1000
committer	James Morris <james.l.morris@oracle.com>	2014-07-19 17:40:49 +1000
commit	fd33c43677a7965624b46352a686a7c1e72ae4aa (patch)
tree	10c2b8bfa4635b50d4cccd9c9453a9020a01e1a9 /fs/exec.c
parent	2ccf4661f315615d018686d91d030a94001d0cc6 (diff)
parent	c2e1f2e30daa551db3c670c0ccfeab20a540b9e1 (diff)