diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-06 20:11:39 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-06 20:11:39 -0500 |
| commit | c861ea2cb2c25c1698734d9b0540a09e253690a1 (patch) | |
| tree | b83e5313ca07a3efbcbcdd7fe33e0f6ad6284493 /security/security.c | |
| parent | 3610639d1fceb09cb418c65fcbe9136c31eee03a (diff) | |
| parent | ac8cc0fa5395fe2278e305a4cbed48e90d88d878 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #3]
Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]"
SELinux: shrink sizeof av_inhert selinux_class_perm and context
CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]
keys: fix sparse warning by adding __user annotation to cast
smack: Add support for unlabeled network hosts and networks
selinux: Deprecate and schedule the removal of the the compat_net functionality
netlabel: Update kernel configuration API
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/security/security.c b/security/security.c index 678d4d07b852..c3586c0d97e2 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -154,14 +154,32 @@ int security_capset(struct cred *new, const struct cred *old, | |||
| 154 | effective, inheritable, permitted); | 154 | effective, inheritable, permitted); |
| 155 | } | 155 | } |
| 156 | 156 | ||
| 157 | int security_capable(struct task_struct *tsk, int cap) | 157 | int security_capable(int cap) |
| 158 | { | 158 | { |
| 159 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); | 159 | return security_ops->capable(current, current_cred(), cap, |
| 160 | SECURITY_CAP_AUDIT); | ||
| 160 | } | 161 | } |
| 161 | 162 | ||
| 162 | int security_capable_noaudit(struct task_struct *tsk, int cap) | 163 | int security_real_capable(struct task_struct *tsk, int cap) |
| 163 | { | 164 | { |
| 164 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); | 165 | const struct cred *cred; |
| 166 | int ret; | ||
| 167 | |||
| 168 | cred = get_task_cred(tsk); | ||
| 169 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT); | ||
| 170 | put_cred(cred); | ||
| 171 | return ret; | ||
| 172 | } | ||
| 173 | |||
| 174 | int security_real_capable_noaudit(struct task_struct *tsk, int cap) | ||
| 175 | { | ||
| 176 | const struct cred *cred; | ||
| 177 | int ret; | ||
| 178 | |||
| 179 | cred = get_task_cred(tsk); | ||
| 180 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); | ||
| 181 | put_cred(cred); | ||
| 182 | return ret; | ||
| 165 | } | 183 | } |
| 166 | 184 | ||
| 167 | int security_acct(struct file *file) | 185 | int security_acct(struct file *file) |