diff options
authorEric W. Biederman <>2020-05-27 22:37:33 -0500
committerEric W. Biederman <>2020-05-27 22:37:33 -0500
commite32f8879019535b899bc3d51f371e17526f208d1 (patch)
parent011593480d2931392bc167f7a20c82a6c34114fd (diff)
parenta4ae32c71fe90794127b32d26d7ad795813b502e (diff)
Merge commit a4ae32c71fe9 ("exec: Always set cap_ambient in cap_bprm_set_creds")
This is a bug fix and one of two places where I have found that the result of calling security_bprm_repopulate_creds more than once on different bprm->files depends on all of the bprm->files not just the file bprm->file. I intend to fix both of those cases and then modify the code to only call security_bprm_repopulate_creds on the final bprm file. So merge this change in so I hopefully reduce conflicts for others and I make it possible to build on top of this change. Signed-off-by: "Eric W. Biederman" <>
1 files changed, 1 insertions, 0 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 045b5b80ea40..77b04cb6feac 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -812,6 +812,7 @@ int cap_bprm_repopulate_creds(struct linux_binprm *bprm)
int ret;
kuid_t root_uid;
+ new->cap_ambient = old->cap_ambient;
if (WARN_ON(!cap_ambient_invariant_ok(old)))
return -EPERM;