security: Push full creds info into may_xxx checks

It's not enough to check only uids on dump and restore -- we need to check e-ids and s-ids now (and caps in the future). Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2025-08-31 22:35:33 +00:00 · 2013-09-28 15:48:44 +04:00
parent 547d9bf959
commit 6bf63b3f01
4 changed files with 13 additions and 6 deletions
--- a/include/crtools.h
+++ b/include/crtools.h
@@ -209,7 +209,9 @@ static inline bool pid_rst_prio(unsigned pid_a, unsigned pid_b)
 }

 void restrict_uid(unsigned int uid);
-bool may_dump_uid(unsigned int uid);
-bool may_restore_uid(unsigned int uid);
+struct proc_status_creds;
+bool may_dump(struct proc_status_creds *);
+struct _CredsEntry;
+bool may_restore(struct _CredsEntry *);

 #endif /* __CR_CRTOOLS_H__ */