From 9c10704f39689dda66f9d5fb0cb97455e89abed1 Mon Sep 17 00:00:00 2001
From: Holger Dengler
Date: Fri, 21 Oct 2016 09:51:41 +0200
Subject: security: cap: Minor fixes and code fontsize

Signed-off-by: Holger Dengler
---
 security/advanced/frm_capabilities.tex | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)
(limited to 'security')
diff --git a/security/advanced/frm_capabilities.tex b/security/advanced/frm_capabilities.tex
index 7e514df..5acd8e9 100644
--- a/security/advanced/frm_capabilities.tex
+++ b/security/advanced/frm_capabilities.tex
@@ -140,13 +140,13 @@ Distribution: /usr/include/linux/capability.h
 \begin{columns}[onlytextwidth]
 \begin{column}{0.45\textwidth}
 \begin{beamerboxesrounded}[shadow=true]{Capability Set Handling}
- \begin{tiny}
+ \begin{scriptsize}
 \begin{verbatim}
 #include
-int list_n = 1;
 cap_t caps;
-cap_value_t list[list_n];
+int list_n = 1;
+cap_value_t list[1];
 caps = cap_get_proc();
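Review bot: The array length in `cap_value_t list[1];` and the count in `int list_n = 1;` are now two separate literals that have to be kept equal by hand, and `list_n` is the element count the later `cap_set_flag()` calls pass along with `list`. On a slide that readers copy from, deriving the count from the array avoids a count larger than the array: declare the array first and use `int list_n = sizeof(list) / sizeof(list[0]);`. The last visible line also uses the result of `cap_get_proc()` unchecked, although it returns NULL on failure; a one-line check, or a comment saying error handling is omitted for space, would help. The example continues past the end of this hunk.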
@@ -158,40 +158,37 @@ cap_set_proc(caps);
 cap_free(caps);
 \end{verbatim}
- \end{tiny}
+ \end{scriptsize}
 \end{beamerboxesrounded}
 \end{column}
 \begin{column}{0.45\textwidth}
 Capability Bitfield Modifications
 \begin{beamerboxesrounded}[shadow=true]{gain (temp):}
- \begin{tiny}
+ \begin{scriptsize}
 \begin{verbatim}
 list[0] = CAP_NET_BIND_SERVICE;
 cap_set_flag(caps, CAP_EFFECTIVE, list_n, list, CAP_SET);
-cap_set_proc(caps);
 \end{verbatim}
- \end{tiny}
+ \end{scriptsize}
 \end{beamerboxesrounded}
 \begin{beamerboxesrounded}[shadow=true]{drop (temp):}
- \begin{tiny}
+ \begin{scriptsize}
 \begin{verbatim}
 list[0] = CAP_NET_BIND_SERVICE;
 cap_set_flag(caps,CAP_EFFECTIVE, list_n, list,CAP_CLEAR);
-cap_set_proc(caps);
 \end{verbatim}
- \end{tiny}
+ \end{scriptsize}
 \end{beamerboxesrounded}
 \begin{beamerboxesrounded}[shadow=true]{drop (finally):}
- \begin{tiny}
+ \begin{scriptsize}
 \begin{verbatim}
 list[0] = CAP_NET_BIND_SERVICE;
 cap_set_flag(caps,CAP_PERMITTED, list_n, list,CAP_CLEAR);
-cap_set_proc(caps);
 \end{verbatim}
- \end{tiny}
+ \end{scriptsize}
 \end{beamerboxesrounded}
 \end{column}
 \end{columns}
@@ -208,7 +205,7 @@ Scenario for dropping capabilities in suid-root processes
 \item effective: drop all
 \item permitted: keep only required
 \end{itemize}
-\item set SEC\_KEEP\_CAPS (prctl(PR\_SET\_KEEPCAPS))
+\item set SEC\_KEEP\_CAPS (prctl(PR\_SET\_KEEPCAPS, 1))
 \item set all UIDs to non-zero
 \item raise capability in effecive set before calling a privileged syscall
 \item drop capability from effective set after syscall
--
cgit v1.2.3
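Review bot: With `cap_set_proc(caps);` removed from the three right-hand boxes, each box now shows only `cap_set_flag()`, which edits the in-memory `cap_t` and changes nothing in the process until `cap_set_proc()` runs. A reader who copies the "drop (finally)" box on its own keeps the capability while believing it is gone; a comment line in each box such as `/* takes effect at cap_set_proc() */` would keep that dependency visible. The "drop (finally)" box also clears only `CAP_PERMITTED`: the effective set must stay a subset of the permitted set, so if the capability is still effective the following `cap_set_proc()` fails and nothing is dropped; add `cap_set_flag(caps, CAP_EFFECTIVE, list_n, list, CAP_CLEAR);` to that box. The `cap_set_proc(caps);` of the left box appears here only in the hunk header, and its return value looks unchecked; for a privilege drop the slide should show or at least mention the check.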
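Review bot: `SEC\_KEEP\_CAPS` on the changed `\item` line is not the kernel's name for this securebit, which is `SECBIT_KEEP_CAPS`; suggest `\item set SECBIT\_KEEP\_CAPS (prctl(PR\_SET\_KEEPCAPS, 1))`. The item would also benefit from stating that the flag only preserves the permitted set across the UID change while the effective set is still cleared, which is why the following items re-raise the capability, and that the flag is reset on execve(). The enclosing list starts and ends outside the hunk. The context line below the change has a typo, "effecive".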