From mboxrd@z Thu Jan 1 00:00:00 1970 From: sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org Subject: [PATCH] Fix capability.c to work with threaded init Date: Fri, 17 Aug 2007 18:30:04 -0700 Message-ID: <20070818013004.GA29859@us.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Andrew Morton Cc: Containers , Oleg Nesterov , Pavel Emelianov List-Id: containers.vger.kernel.org From: Sukadev Bhattiprolu Subject: [PATCH] Fix capability.c to work with threaded init When setting capabilities, cap_set_all() must skip all threads of the container_init process - not just the main thread. Signed-off-by: Sukadev Bhattiprolu --- kernel/capability.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: 2.6.23-rc2-mm2/kernel/capability.c =================================================================== --- 2.6.23-rc2-mm2.orig/kernel/capability.c 2007-08-17 17:33:17.000000000 -0700 +++ 2.6.23-rc2-mm2/kernel/capability.c 2007-08-17 17:33:17.000000000 -0700 @@ -137,7 +137,7 @@ static inline int cap_set_all(kernel_cap int found = 0; do_each_thread(g, target) { - if (target == current || is_container_init(target)) + if (target == current || is_container_init(target->group_leader)) continue; found = 1; if (security_capset_check(target, effective, inheritable,