Merge commit a4ae32c ("exec: Always set cap_ambient in cap_bprm_set_c…

…reds") This is a bug fix and one of two places where I have found that the result of calling security_bprm_repopulate_creds more than once on different bprm->files depends on all of the bprm->files not just the file bprm->file. I intend to fix both of those cases and then modify the code to only call security_bprm_repopulate_creds on the final bprm file. So merge this change in so I hopefully reduce conflicts for others and I make it possible to build on top of this change. Signed-off-by: "Eric W. Biederman" <[email protected]>
niw · May 28, 2020 · e32f887 · e32f887
2 parents 0115934 + a4ae32c
commit e32f887
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/security/commoncap.c b/security/commoncap.c
@@ -812,6 +812,7 @@ int cap_bprm_repopulate_creds(struct linux_binprm *bprm)
 	int ret;
 	kuid_t root_uid;
 
+	new->cap_ambient = old->cap_ambient;
 	if (WARN_ON(!cap_ambient_invariant_ok(old)))
 		return -EPERM;