diff --git a/fs/exec.c b/fs/exec.c
index 05f1942d7edba5e4086562c7beea27389b4d99ca..0b274a3cdd4f0acb979a62fe5c48436179972019 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
/*
* determine how safe it is to execute the proposed program
* - the caller must hold ->cred_guard_mutex to protect against
- * PTRACE_ATTACH
+ * PTRACE_ATTACH or seccomp thread-sync
*/
static void check_unsafe_exec(struct linux_binprm *bprm)
{
* This isn't strictly necessary, but it makes it harder for LSMs to
* mess up.
*/
- if (current->no_new_privs)
+ if (task_no_new_privs(current))
bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS;
t = p;
if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
return;
- if (current->no_new_privs)
+ if (task_no_new_privs(current))
return;
inode = file_inode(bprm->file);