Linux-libre 4.3.2-gnu

author: André Fabian Silva Delgado <emulatorman@parabola.nu> 2015-12-15 14:52:16 -0300
committer: André Fabian Silva Delgado <emulatorman@parabola.nu> 2015-12-15 14:52:16 -0300
commit: 8d91c1e411f55d7ea91b1183a2e9f8088fb4d5be (patch)
tree: e9891aa6c295060d065adffd610c4f49ecf884f3 /kernel/ptrace.c
parent: a71852147516bc1cb5b0b3cbd13639bfd4022dc8 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index c8e0e050a..787320de6 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -556,6 +556,19 @@ static int ptrace_setoptions(struct task_struct *child, unsigned long data)
 	if (data & ~(unsigned long)PTRACE_O_MASK)
 		return -EINVAL;
 
+	if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
+		if (!config_enabled(CONFIG_CHECKPOINT_RESTORE) ||
+		    !config_enabled(CONFIG_SECCOMP))
+			return -EINVAL;
+
+		if (!capable(CAP_SYS_ADMIN))
+			return -EPERM;
+
+		if (seccomp_mode(&current->seccomp) != SECCOMP_MODE_DISABLED ||
+		    current->ptrace & PT_SUSPEND_SECCOMP)
+			return -EPERM;
+	}
+
 	/* Avoid intermediate state when all opts are cleared */
 	flags = child->ptrace;
 	flags &= ~(PTRACE_O_MASK << PT_OPT_FLAG_SHIFT);
author	André Fabian Silva Delgado <emulatorman@parabola.nu>	2015-12-15 14:52:16 -0300
committer	André Fabian Silva Delgado <emulatorman@parabola.nu>	2015-12-15 14:52:16 -0300
commit	8d91c1e411f55d7ea91b1183a2e9f8088fb4d5be (patch)
tree	e9891aa6c295060d065adffd610c4f49ecf884f3 /kernel/ptrace.c
parent	a71852147516bc1cb5b0b3cbd13639bfd4022dc8 (diff)