| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Mar 2024 12:37:24 +0100
From: Christian Göttsche <cgzones@...glemail.com>
To: linux-security-module@...r.kernel.org
Cc: Serge Hallyn <serge@...lyn.com>,
linux-kernel@...r.kernel.org,
bpf@...r.kernel.org
Subject: [PATCH 03/10] capability: use new capable_any functionality
Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.
Signed-off-by: Christian Göttsche <cgzones@...glemail.com>
---
v3:
- rename to capable_any()
- simplify checkpoint_restore_ns_capable()
---
include/linux/capability.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index eeb958440656..4db0ffb47271 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -204,18 +204,17 @@ extern bool file_ns_capable(const struct file *file, struct user_namespace *ns,
extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
static inline bool perfmon_capable(void)
{
- return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
+ return capable_any(CAP_PERFMON, CAP_SYS_ADMIN);
}
static inline bool bpf_capable(void)
{
- return capable(CAP_BPF) || capable(CAP_SYS_ADMIN);
+ return capable_any(CAP_BPF, CAP_SYS_ADMIN);
}
static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns)
{
- return ns_capable(ns, CAP_CHECKPOINT_RESTORE) ||
- ns_capable(ns, CAP_SYS_ADMIN);
+ return ns_capable_any(ns, CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN);
}
/* audit system wants to get cap info from files as well */
--
2.43.0
Powered by blists - more mailing lists