Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 LT |
2 | /* |
3 | * linux/kernel/capability.c | |
4 | * | |
5 | * Copyright (C) 1997 Andrew Main <zefram@fysh.org> | |
6 | * | |
72c2d582 | 7 | * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org> |
1da177e4 | 8 | * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> |
314f70fd | 9 | */ |
1da177e4 | 10 | |
f5645d35 JP |
11 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
12 | ||
e68b75a0 | 13 | #include <linux/audit.h> |
c59ede7b | 14 | #include <linux/capability.h> |
1da177e4 | 15 | #include <linux/mm.h> |
9984de1a | 16 | #include <linux/export.h> |
1da177e4 LT |
17 | #include <linux/security.h> |
18 | #include <linux/syscalls.h> | |
b460cbc5 | 19 | #include <linux/pid_namespace.h> |
3486740a | 20 | #include <linux/user_namespace.h> |
7c0f6ba6 | 21 | #include <linux/uaccess.h> |
1da177e4 | 22 | |
1f29fae2 SH |
23 | int file_caps_enabled = 1; |
24 | ||
25 | static int __init file_caps_disable(char *str) | |
26 | { | |
27 | file_caps_enabled = 0; | |
28 | return 1; | |
29 | } | |
30 | __setup("no_file_caps", file_caps_disable); | |
1f29fae2 | 31 | |
2813893f | 32 | #ifdef CONFIG_MULTIUSER |
e338d263 AM |
33 | /* |
34 | * More recent versions of libcap are available from: | |
35 | * | |
36 | * http://www.kernel.org/pub/linux/libs/security/linux-privs/ | |
37 | */ | |
38 | ||
39 | static void warn_legacy_capability_use(void) | |
40 | { | |
f5645d35 JP |
41 | char name[sizeof(current->comm)]; |
42 | ||
43 | pr_info_once("warning: `%s' uses 32-bit capabilities (legacy support in use)\n", | |
44 | get_task_comm(name, current)); | |
e338d263 AM |
45 | } |
46 | ||
ca05a99a AM |
47 | /* |
48 | * Version 2 capabilities worked fine, but the linux/capability.h file | |
49 | * that accompanied their introduction encouraged their use without | |
50 | * the necessary user-space source code changes. As such, we have | |
51 | * created a version 3 with equivalent functionality to version 2, but | |
52 | * with a header change to protect legacy source code from using | |
53 | * version 2 when it wanted to use version 1. If your system has code | |
54 | * that trips the following warning, it is using version 2 specific | |
55 | * capabilities and may be doing so insecurely. | |
56 | * | |
57 | * The remedy is to either upgrade your version of libcap (to 2.10+, | |
58 | * if the application is linked against it), or recompile your | |
59 | * application with modern kernel headers and this warning will go | |
60 | * away. | |
61 | */ | |
62 | ||
63 | static void warn_deprecated_v2(void) | |
64 | { | |
f5645d35 | 65 | char name[sizeof(current->comm)]; |
ca05a99a | 66 | |
f5645d35 JP |
67 | pr_info_once("warning: `%s' uses deprecated v2 capabilities in a way that may be insecure\n", |
68 | get_task_comm(name, current)); | |
ca05a99a AM |
69 | } |
70 | ||
71 | /* | |
72 | * Version check. Return the number of u32s in each capability flag | |
73 | * array, or a negative value on error. | |
74 | */ | |
75 | static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy) | |
76 | { | |
77 | __u32 version; | |
78 | ||
79 | if (get_user(version, &header->version)) | |
80 | return -EFAULT; | |
81 | ||
82 | switch (version) { | |
83 | case _LINUX_CAPABILITY_VERSION_1: | |
84 | warn_legacy_capability_use(); | |
85 | *tocopy = _LINUX_CAPABILITY_U32S_1; | |
86 | break; | |
87 | case _LINUX_CAPABILITY_VERSION_2: | |
88 | warn_deprecated_v2(); | |
df561f66 | 89 | fallthrough; /* v3 is otherwise equivalent to v2 */ |
ca05a99a AM |
90 | case _LINUX_CAPABILITY_VERSION_3: |
91 | *tocopy = _LINUX_CAPABILITY_U32S_3; | |
92 | break; | |
93 | default: | |
94 | if (put_user((u32)_KERNEL_CAPABILITY_VERSION, &header->version)) | |
95 | return -EFAULT; | |
96 | return -EINVAL; | |
97 | } | |
98 | ||
99 | return 0; | |
100 | } | |
101 | ||
ab763c71 | 102 | /* |
d84f4f99 DH |
103 | * The only thing that can change the capabilities of the current |
104 | * process is the current process. As such, we can't be in this code | |
105 | * at the same time as we are in the process of setting capabilities | |
106 | * in this process. The net result is that we can limit our use of | |
107 | * locks to when we are reading the caps of another process. | |
ab763c71 AM |
108 | */ |
109 | static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, | |
110 | kernel_cap_t *pIp, kernel_cap_t *pPp) | |
111 | { | |
112 | int ret; | |
113 | ||
114 | if (pid && (pid != task_pid_vnr(current))) { | |
115 | struct task_struct *target; | |
116 | ||
86fc80f1 | 117 | rcu_read_lock(); |
ab763c71 AM |
118 | |
119 | target = find_task_by_vpid(pid); | |
120 | if (!target) | |
121 | ret = -ESRCH; | |
122 | else | |
123 | ret = security_capget(target, pEp, pIp, pPp); | |
124 | ||
86fc80f1 | 125 | rcu_read_unlock(); |
ab763c71 AM |
126 | } else |
127 | ret = security_capget(current, pEp, pIp, pPp); | |
128 | ||
129 | return ret; | |
130 | } | |
131 | ||
207a7ba8 | 132 | /** |
1da177e4 | 133 | * sys_capget - get the capabilities of a given process. |
207a7ba8 RD |
134 | * @header: pointer to struct that contains capability version and |
135 | * target pid data | |
136 | * @dataptr: pointer to struct that contains the effective, permitted, | |
137 | * and inheritable capabilities that are returned | |
138 | * | |
139 | * Returns 0 on success and < 0 on error. | |
1da177e4 | 140 | */ |
b290ebe2 | 141 | SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) |
1da177e4 | 142 | { |
314f70fd DW |
143 | int ret = 0; |
144 | pid_t pid; | |
e338d263 AM |
145 | unsigned tocopy; |
146 | kernel_cap_t pE, pI, pP; | |
f122a08b | 147 | struct __user_cap_data_struct kdata[2]; |
314f70fd | 148 | |
ca05a99a | 149 | ret = cap_validate_magic(header, &tocopy); |
c4a5af54 AM |
150 | if ((dataptr == NULL) || (ret != 0)) |
151 | return ((dataptr == NULL) && (ret == -EINVAL)) ? 0 : ret; | |
1da177e4 | 152 | |
314f70fd DW |
153 | if (get_user(pid, &header->pid)) |
154 | return -EFAULT; | |
1da177e4 | 155 | |
314f70fd DW |
156 | if (pid < 0) |
157 | return -EINVAL; | |
1da177e4 | 158 | |
ab763c71 | 159 | ret = cap_get_target_pid(pid, &pE, &pI, &pP); |
f122a08b LT |
160 | if (ret) |
161 | return ret; | |
1da177e4 | 162 | |
f122a08b LT |
163 | /* |
164 | * Annoying legacy format with 64-bit capabilities exposed | |
165 | * as two sets of 32-bit fields, so we need to split the | |
166 | * capability values up. | |
167 | */ | |
168 | kdata[0].effective = pE.val; kdata[1].effective = pE.val >> 32; | |
169 | kdata[0].permitted = pP.val; kdata[1].permitted = pP.val >> 32; | |
170 | kdata[0].inheritable = pI.val; kdata[1].inheritable = pI.val >> 32; | |
171 | ||
172 | /* | |
173 | * Note, in the case, tocopy < _KERNEL_CAPABILITY_U32S, | |
174 | * we silently drop the upper capabilities here. This | |
175 | * has the effect of making older libcap | |
176 | * implementations implicitly drop upper capability | |
177 | * bits when they perform a: capget/modify/capset | |
178 | * sequence. | |
179 | * | |
180 | * This behavior is considered fail-safe | |
181 | * behavior. Upgrading the application to a newer | |
182 | * version of libcap will enable access to the newer | |
183 | * capabilities. | |
184 | * | |
185 | * An alternative would be to return an error here | |
186 | * (-ERANGE), but that causes legacy applications to | |
187 | * unexpectedly fail; the capget/modify/capset aborts | |
188 | * before modification is attempted and the application | |
189 | * fails. | |
190 | */ | |
191 | if (copy_to_user(dataptr, kdata, tocopy * sizeof(kdata[0]))) | |
192 | return -EFAULT; | |
193 | ||
194 | return 0; | |
195 | } | |
196 | ||
197 | static kernel_cap_t mk_kernel_cap(u32 low, u32 high) | |
198 | { | |
199 | return (kernel_cap_t) { (low | ((u64)high << 32)) & CAP_VALID_MASK }; | |
1da177e4 LT |
200 | } |
201 | ||
207a7ba8 | 202 | /** |
ab763c71 | 203 | * sys_capset - set capabilities for a process or (*) a group of processes |
207a7ba8 RD |
204 | * @header: pointer to struct that contains capability version and |
205 | * target pid data | |
206 | * @data: pointer to struct that contains the effective, permitted, | |
207 | * and inheritable capabilities | |
208 | * | |
1cdcbec1 DH |
209 | * Set capabilities for the current process only. The ability to any other |
210 | * process(es) has been deprecated and removed. | |
1da177e4 LT |
211 | * |
212 | * The restrictions on setting capabilities are specified as: | |
213 | * | |
1cdcbec1 DH |
214 | * I: any raised capabilities must be a subset of the old permitted |
215 | * P: any raised capabilities must be a subset of the old permitted | |
216 | * E: must be set to a subset of new permitted | |
207a7ba8 RD |
217 | * |
218 | * Returns 0 on success and < 0 on error. | |
1da177e4 | 219 | */ |
b290ebe2 | 220 | SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data) |
1da177e4 | 221 | { |
f122a08b LT |
222 | struct __user_cap_data_struct kdata[2] = { { 0, }, }; |
223 | unsigned tocopy, copybytes; | |
314f70fd | 224 | kernel_cap_t inheritable, permitted, effective; |
d84f4f99 | 225 | struct cred *new; |
314f70fd DW |
226 | int ret; |
227 | pid_t pid; | |
228 | ||
ca05a99a AM |
229 | ret = cap_validate_magic(header, &tocopy); |
230 | if (ret != 0) | |
231 | return ret; | |
314f70fd DW |
232 | |
233 | if (get_user(pid, &header->pid)) | |
234 | return -EFAULT; | |
235 | ||
1cdcbec1 DH |
236 | /* may only affect current now */ |
237 | if (pid != 0 && pid != task_pid_vnr(current)) | |
238 | return -EPERM; | |
239 | ||
825332e4 AV |
240 | copybytes = tocopy * sizeof(struct __user_cap_data_struct); |
241 | if (copybytes > sizeof(kdata)) | |
242 | return -EFAULT; | |
243 | ||
244 | if (copy_from_user(&kdata, data, copybytes)) | |
314f70fd | 245 | return -EFAULT; |
e338d263 | 246 | |
f122a08b LT |
247 | effective = mk_kernel_cap(kdata[0].effective, kdata[1].effective); |
248 | permitted = mk_kernel_cap(kdata[0].permitted, kdata[1].permitted); | |
249 | inheritable = mk_kernel_cap(kdata[0].inheritable, kdata[1].inheritable); | |
7d8b6c63 | 250 | |
d84f4f99 DH |
251 | new = prepare_creds(); |
252 | if (!new) | |
253 | return -ENOMEM; | |
254 | ||
255 | ret = security_capset(new, current_cred(), | |
256 | &effective, &inheritable, &permitted); | |
257 | if (ret < 0) | |
258 | goto error; | |
259 | ||
ca24a23e | 260 | audit_log_capset(new, current_cred()); |
e68b75a0 | 261 | |
d84f4f99 DH |
262 | return commit_creds(new); |
263 | ||
264 | error: | |
265 | abort_creds(new); | |
314f70fd | 266 | return ret; |
1da177e4 | 267 | } |
12b5989b | 268 | |
3263245d | 269 | /** |
25e75703 | 270 | * has_ns_capability - Does a task have a capability in a specific user ns |
3263245d | 271 | * @t: The task in question |
25e75703 | 272 | * @ns: target user namespace |
3263245d SH |
273 | * @cap: The capability to be tested for |
274 | * | |
275 | * Return true if the specified task has the given superior capability | |
25e75703 | 276 | * currently in effect to the specified user namespace, false if not. |
3263245d SH |
277 | * |
278 | * Note that this does not set PF_SUPERPRIV on the task. | |
279 | */ | |
25e75703 EP |
280 | bool has_ns_capability(struct task_struct *t, |
281 | struct user_namespace *ns, int cap) | |
3263245d | 282 | { |
2920a840 EP |
283 | int ret; |
284 | ||
285 | rcu_read_lock(); | |
c1a85a00 | 286 | ret = security_capable(__task_cred(t), ns, cap, CAP_OPT_NONE); |
2920a840 | 287 | rcu_read_unlock(); |
3263245d SH |
288 | |
289 | return (ret == 0); | |
290 | } | |
291 | ||
292 | /** | |
25e75703 | 293 | * has_capability - Does a task have a capability in init_user_ns |
3263245d | 294 | * @t: The task in question |
3263245d SH |
295 | * @cap: The capability to be tested for |
296 | * | |
297 | * Return true if the specified task has the given superior capability | |
25e75703 | 298 | * currently in effect to the initial user namespace, false if not. |
3263245d SH |
299 | * |
300 | * Note that this does not set PF_SUPERPRIV on the task. | |
301 | */ | |
25e75703 | 302 | bool has_capability(struct task_struct *t, int cap) |
3263245d | 303 | { |
25e75703 | 304 | return has_ns_capability(t, &init_user_ns, cap); |
3263245d | 305 | } |
19c816e8 | 306 | EXPORT_SYMBOL(has_capability); |
3263245d SH |
307 | |
308 | /** | |
7b61d648 EP |
309 | * has_ns_capability_noaudit - Does a task have a capability (unaudited) |
310 | * in a specific user ns. | |
3263245d | 311 | * @t: The task in question |
7b61d648 | 312 | * @ns: target user namespace |
3263245d SH |
313 | * @cap: The capability to be tested for |
314 | * | |
315 | * Return true if the specified task has the given superior capability | |
7b61d648 EP |
316 | * currently in effect to the specified user namespace, false if not. |
317 | * Do not write an audit message for the check. | |
3263245d SH |
318 | * |
319 | * Note that this does not set PF_SUPERPRIV on the task. | |
320 | */ | |
7b61d648 EP |
321 | bool has_ns_capability_noaudit(struct task_struct *t, |
322 | struct user_namespace *ns, int cap) | |
3263245d | 323 | { |
2920a840 EP |
324 | int ret; |
325 | ||
326 | rcu_read_lock(); | |
c1a85a00 | 327 | ret = security_capable(__task_cred(t), ns, cap, CAP_OPT_NOAUDIT); |
2920a840 | 328 | rcu_read_unlock(); |
3263245d SH |
329 | |
330 | return (ret == 0); | |
331 | } | |
332 | ||
5cd9c58f | 333 | /** |
7b61d648 EP |
334 | * has_capability_noaudit - Does a task have a capability (unaudited) in the |
335 | * initial user ns | |
336 | * @t: The task in question | |
5cd9c58f DH |
337 | * @cap: The capability to be tested for |
338 | * | |
7b61d648 EP |
339 | * Return true if the specified task has the given superior capability |
340 | * currently in effect to init_user_ns, false if not. Don't write an | |
341 | * audit message for the check. | |
5cd9c58f | 342 | * |
7b61d648 | 343 | * Note that this does not set PF_SUPERPRIV on the task. |
5cd9c58f | 344 | */ |
7b61d648 | 345 | bool has_capability_noaudit(struct task_struct *t, int cap) |
3486740a | 346 | { |
7b61d648 | 347 | return has_ns_capability_noaudit(t, &init_user_ns, cap); |
3486740a | 348 | } |
eba0549b | 349 | EXPORT_SYMBOL(has_capability_noaudit); |
3486740a | 350 | |
c1a85a00 MM |
351 | static bool ns_capable_common(struct user_namespace *ns, |
352 | int cap, | |
353 | unsigned int opts) | |
98f368e9 TH |
354 | { |
355 | int capable; | |
356 | ||
357 | if (unlikely(!cap_valid(cap))) { | |
358 | pr_crit("capable() called with invalid cap=%u\n", cap); | |
359 | BUG(); | |
360 | } | |
361 | ||
c1a85a00 | 362 | capable = security_capable(current_cred(), ns, cap, opts); |
98f368e9 TH |
363 | if (capable == 0) { |
364 | current->flags |= PF_SUPERPRIV; | |
365 | return true; | |
366 | } | |
367 | return false; | |
368 | } | |
369 | ||
3486740a SH |
370 | /** |
371 | * ns_capable - Determine if the current task has a superior capability in effect | |
372 | * @ns: The usernamespace we want the capability in | |
373 | * @cap: The capability to be tested for | |
374 | * | |
375 | * Return true if the current task has the given superior capability currently | |
376 | * available for use, false if not. | |
377 | * | |
378 | * This sets PF_SUPERPRIV on the task if the capability is available on the | |
379 | * assumption that it's about to be used. | |
380 | */ | |
381 | bool ns_capable(struct user_namespace *ns, int cap) | |
12b5989b | 382 | { |
c1a85a00 | 383 | return ns_capable_common(ns, cap, CAP_OPT_NONE); |
12b5989b | 384 | } |
3486740a SH |
385 | EXPORT_SYMBOL(ns_capable); |
386 | ||
98f368e9 TH |
387 | /** |
388 | * ns_capable_noaudit - Determine if the current task has a superior capability | |
389 | * (unaudited) in effect | |
390 | * @ns: The usernamespace we want the capability in | |
391 | * @cap: The capability to be tested for | |
392 | * | |
393 | * Return true if the current task has the given superior capability currently | |
394 | * available for use, false if not. | |
395 | * | |
396 | * This sets PF_SUPERPRIV on the task if the capability is available on the | |
397 | * assumption that it's about to be used. | |
398 | */ | |
399 | bool ns_capable_noaudit(struct user_namespace *ns, int cap) | |
400 | { | |
c1a85a00 | 401 | return ns_capable_common(ns, cap, CAP_OPT_NOAUDIT); |
98f368e9 TH |
402 | } |
403 | EXPORT_SYMBOL(ns_capable_noaudit); | |
2813893f | 404 | |
40852275 MM |
405 | /** |
406 | * ns_capable_setid - Determine if the current task has a superior capability | |
407 | * in effect, while signalling that this check is being done from within a | |
111767c1 | 408 | * setid or setgroups syscall. |
40852275 MM |
409 | * @ns: The usernamespace we want the capability in |
410 | * @cap: The capability to be tested for | |
411 | * | |
412 | * Return true if the current task has the given superior capability currently | |
413 | * available for use, false if not. | |
414 | * | |
415 | * This sets PF_SUPERPRIV on the task if the capability is available on the | |
416 | * assumption that it's about to be used. | |
417 | */ | |
418 | bool ns_capable_setid(struct user_namespace *ns, int cap) | |
419 | { | |
420 | return ns_capable_common(ns, cap, CAP_OPT_INSETID); | |
421 | } | |
422 | EXPORT_SYMBOL(ns_capable_setid); | |
423 | ||
2813893f IM |
424 | /** |
425 | * capable - Determine if the current task has a superior capability in effect | |
426 | * @cap: The capability to be tested for | |
427 | * | |
428 | * Return true if the current task has the given superior capability currently | |
429 | * available for use, false if not. | |
430 | * | |
431 | * This sets PF_SUPERPRIV on the task if the capability is available on the | |
432 | * assumption that it's about to be used. | |
433 | */ | |
434 | bool capable(int cap) | |
435 | { | |
436 | return ns_capable(&init_user_ns, cap); | |
437 | } | |
438 | EXPORT_SYMBOL(capable); | |
439 | #endif /* CONFIG_MULTIUSER */ | |
440 | ||
935d8aab LT |
441 | /** |
442 | * file_ns_capable - Determine if the file's opener had a capability in effect | |
443 | * @file: The file we want to check | |
444 | * @ns: The usernamespace we want the capability in | |
445 | * @cap: The capability to be tested for | |
446 | * | |
447 | * Return true if task that opened the file had a capability in effect | |
448 | * when the file was opened. | |
449 | * | |
450 | * This does not set PF_SUPERPRIV because the caller may not | |
451 | * actually be privileged. | |
452 | */ | |
a6c8c690 FF |
453 | bool file_ns_capable(const struct file *file, struct user_namespace *ns, |
454 | int cap) | |
935d8aab | 455 | { |
c1a85a00 | 456 | |
935d8aab LT |
457 | if (WARN_ON_ONCE(!cap_valid(cap))) |
458 | return false; | |
459 | ||
c1a85a00 | 460 | if (security_capable(file->f_cred, ns, cap, CAP_OPT_NONE) == 0) |
935d8aab LT |
461 | return true; |
462 | ||
463 | return false; | |
464 | } | |
465 | EXPORT_SYMBOL(file_ns_capable); | |
466 | ||
f84df2a6 EB |
467 | /** |
468 | * privileged_wrt_inode_uidgid - Do capabilities in the namespace work over the inode? | |
469 | * @ns: The user namespace in question | |
a495108e | 470 | * @idmap: idmap of the mount @inode was found from |
f84df2a6 EB |
471 | * @inode: The inode in question |
472 | * | |
473 | * Return true if the inode uid and gid are within the namespace. | |
474 | */ | |
0558c1bf | 475 | bool privileged_wrt_inode_uidgid(struct user_namespace *ns, |
9452e93e | 476 | struct mnt_idmap *idmap, |
0558c1bf | 477 | const struct inode *inode) |
f84df2a6 | 478 | { |
e67fe633 CB |
479 | return vfsuid_has_mapping(ns, i_uid_into_vfsuid(idmap, inode)) && |
480 | vfsgid_has_mapping(ns, i_gid_into_vfsgid(idmap, inode)); | |
f84df2a6 EB |
481 | } |
482 | ||
1a48e2ac | 483 | /** |
23adbe12 | 484 | * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped |
a495108e | 485 | * @idmap: idmap of the mount @inode was found from |
1a48e2ac EB |
486 | * @inode: The inode in question |
487 | * @cap: The capability in question | |
488 | * | |
23adbe12 AL |
489 | * Return true if the current task has the given capability targeted at |
490 | * its own user namespace and that the given inode's uid and gid are | |
491 | * mapped into the current user namespace. | |
1a48e2ac | 492 | */ |
9452e93e | 493 | bool capable_wrt_inode_uidgid(struct mnt_idmap *idmap, |
0558c1bf | 494 | const struct inode *inode, int cap) |
1a48e2ac EB |
495 | { |
496 | struct user_namespace *ns = current_user_ns(); | |
497 | ||
0558c1bf | 498 | return ns_capable(ns, cap) && |
9452e93e | 499 | privileged_wrt_inode_uidgid(ns, idmap, inode); |
1a48e2ac | 500 | } |
23adbe12 | 501 | EXPORT_SYMBOL(capable_wrt_inode_uidgid); |
64b875f7 EB |
502 | |
503 | /** | |
504 | * ptracer_capable - Determine if the ptracer holds CAP_SYS_PTRACE in the namespace | |
505 | * @tsk: The task that may be ptraced | |
506 | * @ns: The user namespace to search for CAP_SYS_PTRACE in | |
507 | * | |
508 | * Return true if the task that is ptracing the current task had CAP_SYS_PTRACE | |
509 | * in the specified user namespace. | |
510 | */ | |
511 | bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns) | |
512 | { | |
513 | int ret = 0; /* An absent tracer adds no restrictions */ | |
514 | const struct cred *cred; | |
c1a85a00 | 515 | |
64b875f7 EB |
516 | rcu_read_lock(); |
517 | cred = rcu_dereference(tsk->ptracer_cred); | |
518 | if (cred) | |
c1a85a00 MM |
519 | ret = security_capable(cred, ns, CAP_SYS_PTRACE, |
520 | CAP_OPT_NOAUDIT); | |
64b875f7 EB |
521 | rcu_read_unlock(); |
522 | return (ret == 0); | |
523 | } |