security: Don't allow non-root user to dump or restore any caps bits

There can be a more sophisticated security policy, but right now
generic non-root user doesn't have any bits in there, so requiring
them to be zero is a sane starting point.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

security.c

@@ -33,14 +33,40 @@ static bool check_ids(unsigned int crid, unsigned int rid, unsigned int eid, uns
 	return false;
 }
 
+static bool check_caps(uint32_t *inh, uint32_t *eff, uint32_t *prm)
+{
+	int i;
+
+	/*
+	 * Impose the most strict requirements for now.
+	 * "Real" root user can use any caps, other users may
+	 * use none. Later we will implement more sophisticated
+	 * security model.
+	 */
+
+	if (cr_uid == 0 && cr_gid == 0)
+		return true;
+
+	for (i = 0; i < CR_CAP_SIZE; i++) {
+		if (inh[i] != 0 || eff[i] != 0 || prm[i] != 0) {
+			pr_err("CAPs not allowed for non-root user\n");
+			return false;
+		}
+	}
+
+	return true;
+}
+
 bool may_dump(struct proc_status_creds *creds)
 {
 	return check_ids(cr_uid, creds->uids[0], creds->uids[1], creds->uids[2]) &&
-		check_ids(cr_gid, creds->gids[0], creds->gids[1], creds->gids[2]);
+		check_ids(cr_gid, creds->gids[0], creds->gids[1], creds->gids[2]) &&
+		check_caps(creds->cap_inh, creds->cap_eff, creds->cap_prm);
 }
 
 bool may_restore(CredsEntry *creds)
 {
 	return check_ids(cr_uid, creds->uid, creds->euid, creds->suid) &&
-		check_ids(cr_gid, creds->gid, creds->egid, creds->sgid);
+		check_ids(cr_gid, creds->gid, creds->egid, creds->sgid) &&
+		check_caps(creds->cap_inh, creds->cap_eff, creds->cap_prm);
 }