author | Eric Paris <eparis@redhat.com> | 2012-01-03 12:25:15 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-01-05 18:52:56 -0500 |
commit | 25e75703410a84b80623da3653db6b70282e5c6a (patch) | |
tree | 83a5737f243ec6f95271e622fbde4c77b7ccba9f /kernel/capability.c | |
parent | 2920a8409de5a51575d03deca07e5bb2be6fc98d (diff) |
capabilities: call has_ns_capability from has_capability
Declare the more specific has_ns_capability first in the code and then call it
from has_capability. The declaration reversal isn't strictly necessary since
they are both declared in header files, but it just makes sense to put more
specific functions first in the code.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Diffstat (limited to 'kernel/capability.c')
-rw-r--r-- | kernel/capability.c | 26 |
1 files changed, 10 insertions, 16 deletions
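diff --git a/kernel/capability.c b/kernel/capability.c
index ff50ab62cfca..fb815d1b9ea2 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -287,47 +287,41 @@ error:
 }
 
 /**
-* has_capability - Does a task have a capability in init_user_ns
+* has_ns_capability - Does a task have a capability in a specific user ns
 * @t: The task in question
+* @ns: target user namespace
 * @cap: The capability to be tested for
 *
 * Return true if the specified task has the given superior capability
-* currently in effect to the initial user namespace, false if not.
+* currently in effect to the specified user namespace, false if not.
 *
 * Note that this does not set PF_SUPERPRIV on the task.
 */
-bool has_capability(struct task_struct *t, int cap)
+bool has_ns_capability(struct task_struct *t,
+struct user_namespace *ns, int cap)
 {
 int ret;
 
 rcu_read_lock();
-ret = security_capable(__task_cred(t), &init_user_ns, cap);
+ret = security_capable(__task_cred(t), ns, cap);
 rcu_read_unlock();
 
 return (ret == 0);
 }
 
 /**
-* has_capability - Does a task have a capability in a specific user ns
+* has_capability - Does a task have a capability in init_user_ns
 * @t: The task in question
-* @ns: target user namespace
 * @cap: The capability to be tested for
 *
 * Return true if the specified task has the given superior capability
-* currently in effect to the specified user namespace, false if not.
+* currently in effect to the initial user namespace, false if not.
 *
 * Note that this does not set PF_SUPERPRIV on the task.
 */
-bool has_ns_capability(struct task_struct *t,
-struct user_namespace *ns, int cap)
+bool has_capability(struct task_struct *t, int cap)
 {
-int ret;
-
-rcu_read_lock();
-ret = security_capable(__task_cred(t), ns, cap);
-rcu_read_unlock();
-
-return (ret == 0);
+return has_ns_capability(t, &init_user_ns, cap);
 }
 
 /**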
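Review bot: The kernel-doc on `has_ns_capability()` does not say whose credentials are tested or how long the answer holds, which matters to any caller using it for an access decision about another task. The body reads `__task_cred(t)` between `rcu_read_lock()` and `rcu_read_unlock()` and returns only after the unlock, so the result is a snapshot that the target task can invalidate by changing its credentials. I would add a line such as `* The result reflects @t's credentials at the time of the call only; callers must not assume it still holds afterwards.` Since `has_capability()` is now a thin wrapper, its comment should carry the same sentence or a `See has_ns_capability().` pointer. The `@ns` line could also state that the pointer must be valid, as it is passed unchecked to `security_capable()`.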