tomoyo: add missing call to cap_bprm_set_creds

cap_bprm_set_creds() has to be called from security_bprm_set_creds().
TOMOYO forgot to call cap_bprm_set_creds() from tomoyo_bprm_set_creds()
and suid executables were not being working.

Make sure we call cap_bprm_set_creds() with TOMOYO, to set credentials
properly inside tomoyo_bprm_set_creds().

Signed-off-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 5b481912752a91e10199cef23f664d76454ec751..e42be5c4f055b5ebb5258fdb3e6d041f9b3d2f91 100644 (file)
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
 
 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 {
+       int rc;
+
+       rc = cap_bprm_set_creds(bprm);
+       if (rc)
+               return rc;
+
        /*
         * Do only if this function is called for the first time of an execve
         * operation.