5 files changed, 7 insertions, 20 deletions

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 63f59fa8769d..e3e8d9cb9b08 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -547,7 +547,6 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
                                       struct user_namespace *ns, int cap);
 extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
-extern bool task_ns_capable(struct task_struct *t, int cap);
 extern bool nsown_capable(int cap);
 
 /* audit system wants to get cap info from files as well */
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 40308969ed00..adadf71a7327 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -358,10 +358,12 @@ static inline void put_cred(const struct cred *_cred)
 #define current_security()      (current_cred_xxx(security))
 
 #ifdef CONFIG_USER_NS
-#define current_user_ns() (current_cred_xxx(user_ns))
+#define current_user_ns()       (current_cred_xxx(user_ns))
+#define task_user_ns(task)      (task_cred_xxx((task), user_ns))
 #else
 extern struct user_namespace init_user_ns;
-#define current_user_ns() (&init_user_ns)
+#define current_user_ns()       (&init_user_ns)
+#define task_user_ns(task)      (&init_user_ns)
 #endif
 
 
diff --git a/kernel/capability.c b/kernel/capability.c
index 47626446c39a..74fb3b603045 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -409,20 +409,6 @@ bool capable(int cap)
 EXPORT_SYMBOL(capable);
 
 /**
- * task_ns_capable - Determine whether current task has a superior
- * capability targeted at a specific task's user namespace.
- * @t: The task whose user namespace is targeted.
- * @cap: The capability in question.
- *
- *  Return true if it does, false otherwise.
- */
-bool task_ns_capable(struct task_struct *t, int cap)
-{
-        return ns_capable(task_cred_xxx(t, user)->user_ns, cap);
-}
-EXPORT_SYMBOL(task_ns_capable);
-
-/**
  * nsown_capable - Check superior capability to one's own user_ns
  * @cap: The capability in question
  *
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index a70d2a5d8c7b..210bbf045ee9 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -196,7 +196,7 @@ ok:
         smp_rmb();
         if (task->mm)
                 dumpable = get_dumpable(task->mm);
-        if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE))
+        if (!dumpable && !ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
                 return -EPERM;
 
         return security_ptrace_access_check(task, mode);
@@ -266,7 +266,7 @@ static int ptrace_attach(struct task_struct *task, long request,
         task->ptrace = PT_PTRACED;
         if (seize)
                 task->ptrace |= PT_SEIZED;
-        if (task_ns_capable(task, CAP_SYS_PTRACE))
+        if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
                 task->ptrace |= PT_PTRACE_CAP;
 
         __ptrace_link(task, current);
diff --git a/kernel/sched.c b/kernel/sched.c
index b50b0f0c9aa9..5670028a9c16 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -5409,7 +5409,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
                 goto out_free_cpus_allowed;
         }
         retval = -EPERM;
-        if (!check_same_owner(p) && !task_ns_capable(p, CAP_SYS_NICE))
+        if (!check_same_owner(p) && !ns_capable(task_user_ns(p), CAP_SYS_NICE))
                 goto out_unlock;
 
         retval = security_task_setscheduler(p);