| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jun 2022 17:26:16 +0200
From: Christian Göttsche <cgzones@...glemail.com>
To: selinux@...r.kernel.org
Cc: Serge Hallyn <serge@...lyn.com>,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v3 2/8] capability: use new capable_any functionality
Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.
Signed-off-by: Christian Göttsche <cgzones@...glemail.com>
---
v3:
- rename to capable_any()
- simplify checkpoint_restore_ns_capable()
---
include/linux/capability.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 7316d5339a6e..092cb9773079 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -266,18 +266,17 @@ extern bool file_ns_capable(const struct file *file, struct user_namespace *ns,
extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
static inline bool perfmon_capable(void)
{
- return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
+ return capable_any(CAP_PERFMON, CAP_SYS_ADMIN);
}
static inline bool bpf_capable(void)
{
- return capable(CAP_BPF) || capable(CAP_SYS_ADMIN);
+ return capable_any(CAP_BPF, CAP_SYS_ADMIN);
}
static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns)
{
- return ns_capable(ns, CAP_CHECKPOINT_RESTORE) ||
- ns_capable(ns, CAP_SYS_ADMIN);
+ return ns_capable_any(ns, CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN);
}
/* audit system wants to get cap info from files as well */
--
2.36.1
Powered by blists - more mailing lists