Diffstat (limited to 'kernel/include/linux/cred.h')
-rw-r--r-- | kernel/include/linux/cred.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/include/linux/cred.h b/kernel/include/linux/cred.h
index 8b6c083e6..8d70e1361 100644
--- a/kernel/include/linux/cred.h
+++ b/kernel/include/linux/cred.h
@@ -137,6 +137,7 @@ struct cred {
 kernel_cap_t cap_permitted; /* caps we're permitted */
 kernel_cap_t cap_effective; /* caps we can actually use */
 kernel_cap_t cap_bset; /* capability bounding set */
+ kernel_cap_t cap_ambient; /* Ambient capability set */
 #ifdef CONFIG_KEYS
 unsigned char jit_keyring; /* default keyring to attach requested
 * keys to */
@@ -212,6 +213,13 @@ static inline void validate_process_creds(void)
 }
 #endif

+static inline bool cap_ambient_invariant_ok(const struct cred *cred)
+{
+ return cap_issubset(cred->cap_ambient,
+ cap_intersect(cred->cap_permitted,
+ cred->cap_inheritable));
+}
+
 /**
 * get_new_cred - Get a reference on a new set of credentials
 * @cred: The new credentials to reference |
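Review bot: The comment on the new `cap_ambient` member in the first hunk names the set but not the constraint it must satisfy, which is what someone editing credential code next to it needs to know. I would write it as `kernel_cap_t cap_ambient; /* ambient caps; always a subset of permitted & inheritable */`, so the rule is visible at the field and not only in the helper added further down. struct cred begins and ends outside this hunk, and the page is limited to cred.h. The static initialiser and the paths that lower `cap_permitted` or `cap_inheritable` are therefore not visible here, and it is worth confirming that each of them also clears the matching bits in `cap_ambient`.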
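Review bot: `cap_ambient_invariant_ok()` in the second hunk has no comment stating what it checks or who is expected to call it, and it only returns a bool. A violated invariant is therefore caught only if every path that installs or modifies credentials tests the result and rejects the new set. Those call sites are not part of this page, so that cannot be confirmed from here. I would add a one-line header such as `/* True iff cap_ambient is a subset of (cap_permitted & cap_inheritable); check before committing new creds */`, or a kernel-doc block in the style of the `get_new_cred` comment that follows. The helper dereferences `cred` unconditionally, which is fine for a non-NULL contract but should be stated in that comment.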