]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blobdiff - security/commoncap.c
projects / mirror_ubuntu-zesty-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CAPABILITIES: remove undefined caps from all processes
[mirror_ubuntu-zesty-kernel.git] / security / commoncap.c
diff --git a/security/commoncap.c b/security/commoncap.c
index 9fe46e22c7f259538197c84b8180d4cffad8baf8..bab0611afc1eed309a04f9cf2ee05575ea98fc9d 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -421,6 +421,9 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
                cpu_caps->inheritable.cap[i] = le32_to_cpu(caps.data[i].inheritable);
        }
 
+       cpu_caps->permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+       cpu_caps->inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+
        return 0;
 }
 
ubuntu-zesty-kernel mirror