Merge tag 'seccomp-4.5-rc2' of... (1c1ecf17) · Commits · 戴 / test

kernel/seccomp.c

+11 −11

Original line number	Diff line number	Diff line
		@@ -316,13 +316,7 @@ static inline void seccomp_sync_threads(void)
		put_seccomp_filter(thread);
		smp_store_release(&thread->seccomp.filter,
		caller->seccomp.filter);
		/*
		* Opt the other thread into seccomp if needed.
		* As threads are considered to be trust-realm
		* equivalent (see ptrace_may_access), it is safe to
		* allow one thread to transition the other.
		*/
		if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) {

		/*
		* Don't let an unprivileged task work around
		* the no_new_privs restriction by creating
		@@ -332,10 +326,16 @@ static inline void seccomp_sync_threads(void)
		if (task_no_new_privs(caller))
		task_set_no_new_privs(thread);

		/*
		* Opt the other thread into seccomp if needed.
		* As threads are considered to be trust-realm
		* equivalent (see ptrace_may_access), it is safe to
		* allow one thread to transition the other.
		*/
		if (thread->seccomp.mode == SECCOMP_MODE_DISABLED)
		seccomp_assign_mode(thread, SECCOMP_MODE_FILTER);
		}
		}
		}

		/**
		* seccomp_prepare_filter: Prepares a seccomp filter for use.