| author | Thomas Gleixner <tglx@linutronix.de> | 2016-09-14 20:53:26 +0200 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2016-09-14 20:53:26 +0200 |
| commit | 16217dc79dbc599b110dda26d0421df47904bba4 (patch) | |
| tree | 98df3c18b14284b8a6f8b04de12e0b7dde5a55fa /kernel/capability.c | |
| parent | ecb3f394c5dba897d215a5422f1b363e93e2ce4e (diff) | |
| parent | 723344dd0b2aa10ef9d28fe7f35d594d3e64f0f9 (diff) | |
| download | linux-16217dc79dbc599b110dda26d0421df47904bba4.tar.gz linux-16217dc79dbc599b110dda26d0421df47904bba4.tar.bz2 linux-16217dc79dbc599b110dda26d0421df47904bba4.zip | |
Merge tag 'irqchip-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/core
Merge the first drop of irqchip updates for 4.9 from Marc Zyngier:
- ACPI IORT core code
- IORT support for the GICv3 ITS
- A few GIC cleanups
Diffstat (limited to 'kernel/capability.c')
| -rw-r--r-- | kernel/capability.c | 46 |
1 files changed, 36 insertions, 10 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index 45432b54d5c6..00411c82dac5 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -361,6 +361,24 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
 return has_ns_capability_noaudit(t, &init_user_ns, cap);
 }
 
+static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit)
+{
+ int capable;
+
+ if (unlikely(!cap_valid(cap))) {
+ pr_crit("capable() called with invalid cap=%u\n", cap);
+ BUG();
+ }
+
+ capable = audit ? security_capable(current_cred(), ns, cap) :
+ security_capable_noaudit(current_cred(), ns, cap);
+ if (capable == 0) {
+ current->flags |= PF_SUPERPRIV;
+ return true;
+ }
+ return false;
+}
+
 /**
 * ns_capable - Determine if the current task has a superior capability in effect
 * @ns: The usernamespace we want the capability in
@@ -374,19 +392,27 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
 */
 bool ns_capable(struct user_namespace *ns, int cap)
 {
- if (unlikely(!cap_valid(cap))) {
- pr_crit("capable() called with invalid cap=%u\n", cap);
- BUG();
- }
-
- if (security_capable(current_cred(), ns, cap) == 0) {
- current->flags |= PF_SUPERPRIV;
- return true;
- }
- return false;
+ return ns_capable_common(ns, cap, true);
 }
 EXPORT_SYMBOL(ns_capable);
 
+/**
+ * ns_capable_noaudit - Determine if the current task has a superior capability
+ * (unaudited) in effect
+ * @ns: The usernamespace we want the capability in
+ * @cap: The capability to be tested for
+ *
+ * Return true if the current task has the given superior capability currently
+ * available for use, false if not.
+ *
+ * This sets PF_SUPERPRIV on the task if the capability is available on the
+ * assumption that it's about to be used.
+ */
+bool ns_capable_noaudit(struct user_namespace *ns, int cap)
+{
+ return ns_capable_common(ns, cap, false);
+}
+EXPORT_SYMBOL(ns_capable_noaudit);
 
 /**
 * capable - Determine if the current task has a superior capability in effect |
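Review bot: The `pr_crit()` line in the new `ns_capable_common()` still names `capable()` and prints the signed `int cap` with `%u`, although the helper is now reached from both `ns_capable()` and `ns_capable_noaudit()`. Something like `pr_crit("%s: invalid cap=%d\n", __func__, cap);` would match the argument type and stop pointing at the wrong entry point. The local `int capable` also shadows the `capable()` function whose kernel-doc starts at the end of this file section, so a neutral name such as `int ret;` would read better. Since the static helper has no comment, one line such as `/* @audit selects security_capable() or security_capable_noaudit() */` above it would document the only new parameter.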
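Review bot: The kernel-doc added for `ns_capable_noaudit()` repeats the `ns_capable()` text and never says what "unaudited" changes for a caller or when skipping the audit record is acceptable. The body of `security_capable_noaudit()` is not in this hunk, but judging by its name a check made through this path leaves no audit record. A line such as ` * Unlike ns_capable(), the result of this check is not reported to the audit subsystem; use it only where a denial is an expected outcome.` would discourage its use for access decisions that should be logged. The PF_SUPERPRIV paragraph is worth keeping as is, because the flag is still set on success even when the caller only probes for the capability.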
