diff options
-rw-r--r-- | include/linux/capability.h | 17 | ||||
-rw-r--r-- | include/linux/security.h | 49 | ||||
-rw-r--r-- | kernel/capability.c | 2 | ||||
-rw-r--r-- | security/capability.c | 1 | ||||
-rw-r--r-- | security/commoncap.c | 42 | ||||
-rw-r--r-- | security/root_plug.c | 1 | ||||
-rw-r--r-- | security/security.c | 25 | ||||
-rw-r--r-- | security/selinux/hooks.c | 26 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 1 |
9 files changed, 129 insertions, 35 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index e22f48c2a46f..5b8a13214451 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
@@ -529,8 +529,21 @@ extern const kernel_cap_t __cap_init_eff_set; | |||
529 | * | 529 | * |
530 | * Note that this does not set PF_SUPERPRIV on the task. | 530 | * Note that this does not set PF_SUPERPRIV on the task. |
531 | */ | 531 | */ |
532 | #define has_capability(t, cap) (security_capable((t), (cap)) == 0) | 532 | #define has_capability(t, cap) (security_task_capable((t), (cap)) == 0) |
533 | #define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0) | 533 | |
534 | /** | ||
535 | * has_capability_noaudit - Determine if a task has a superior capability available (unaudited) | ||
536 | * @t: The task in question | ||
537 | * @cap: The capability to be tested for | ||
538 | * | ||
539 | * Return true if the specified task has the given superior capability | ||
540 | * currently in effect, false if not, but don't write an audit message for the | ||
541 | * check. | ||
542 | * | ||
543 | * Note that this does not set PF_SUPERPRIV on the task. | ||
544 | */ | ||
545 | #define has_capability_noaudit(t, cap) \ | ||
546 | (security_task_capable_noaudit((t), (cap)) == 0) | ||
534 | 547 | ||
535 | extern int capable(int cap); | 548 | extern int capable(int cap); |
536 | 549 | ||
diff --git a/include/linux/security.h b/include/linux/security.h index 3416cb85e77b..76989b8bc34f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -48,7 +48,9 @@ struct audit_krule; | |||
48 | * These functions are in security/capability.c and are used | 48 | * These functions are in security/capability.c and are used |
49 | * as the default capabilities functions | 49 | * as the default capabilities functions |
50 | */ | 50 | */ |
51 | extern int cap_capable(struct task_struct *tsk, int cap, int audit); | 51 | extern int cap_capable(int cap, int audit); |
52 | extern int cap_task_capable(struct task_struct *tsk, const struct cred *cred, | ||
53 | int cap, int audit); | ||
52 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 54 | extern int cap_settime(struct timespec *ts, struct timezone *tz); |
53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 55 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); |
54 | extern int cap_ptrace_traceme(struct task_struct *parent); | 56 | extern int cap_ptrace_traceme(struct task_struct *parent); |
@@ -1195,9 +1197,18 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1195 | * @permitted contains the permitted capability set. | 1197 | * @permitted contains the permitted capability set. |
1196 | * Return 0 and update @new if permission is granted. | 1198 | * Return 0 and update @new if permission is granted. |
1197 | * @capable: | 1199 | * @capable: |
1198 | * Check whether the @tsk process has the @cap capability. | 1200 | * Check whether the current process has the @cap capability in its |
1201 | * subjective/effective credentials. | ||
1202 | * @cap contains the capability <include/linux/capability.h>. | ||
1203 | * @audit: Whether to write an audit message or not | ||
1204 | * Return 0 if the capability is granted for @tsk. | ||
1205 | * @task_capable: | ||
1206 | * Check whether the @tsk process has the @cap capability in its | ||
1207 | * objective/real credentials. | ||
1199 | * @tsk contains the task_struct for the process. | 1208 | * @tsk contains the task_struct for the process. |
1209 | * @cred contains the credentials to use. | ||
1200 | * @cap contains the capability <include/linux/capability.h>. | 1210 | * @cap contains the capability <include/linux/capability.h>. |
1211 | * @audit: Whether to write an audit message or not | ||
1201 | * Return 0 if the capability is granted for @tsk. | 1212 | * Return 0 if the capability is granted for @tsk. |
1202 | * @acct: | 1213 | * @acct: |
1203 | * Check permission before enabling or disabling process accounting. If | 1214 | * Check permission before enabling or disabling process accounting. If |
@@ -1290,7 +1301,9 @@ struct security_operations { | |||
1290 | const kernel_cap_t *effective, | 1301 | const kernel_cap_t *effective, |
1291 | const kernel_cap_t *inheritable, | 1302 | const kernel_cap_t *inheritable, |
1292 | const kernel_cap_t *permitted); | 1303 | const kernel_cap_t *permitted); |
1293 | int (*capable) (struct task_struct *tsk, int cap, int audit); | 1304 | int (*capable) (int cap, int audit); |
1305 | int (*task_capable) (struct task_struct *tsk, const struct cred *cred, | ||
1306 | int cap, int audit); | ||
1294 | int (*acct) (struct file *file); | 1307 | int (*acct) (struct file *file); |
1295 | int (*sysctl) (struct ctl_table *table, int op); | 1308 | int (*sysctl) (struct ctl_table *table, int op); |
1296 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); | 1309 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); |
@@ -1556,8 +1569,9 @@ int security_capset(struct cred *new, const struct cred *old, | |||
1556 | const kernel_cap_t *effective, | 1569 | const kernel_cap_t *effective, |
1557 | const kernel_cap_t *inheritable, | 1570 | const kernel_cap_t *inheritable, |
1558 | const kernel_cap_t *permitted); | 1571 | const kernel_cap_t *permitted); |
1559 | int security_capable(struct task_struct *tsk, int cap); | 1572 | int security_capable(int cap); |
1560 | int security_capable_noaudit(struct task_struct *tsk, int cap); | 1573 | int security_task_capable(struct task_struct *tsk, int cap); |
1574 | int security_task_capable_noaudit(struct task_struct *tsk, int cap); | ||
1561 | int security_acct(struct file *file); | 1575 | int security_acct(struct file *file); |
1562 | int security_sysctl(struct ctl_table *table, int op); | 1576 | int security_sysctl(struct ctl_table *table, int op); |
1563 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1577 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
@@ -1754,14 +1768,31 @@ static inline int security_capset(struct cred *new, | |||
1754 | return cap_capset(new, old, effective, inheritable, permitted); | 1768 | return cap_capset(new, old, effective, inheritable, permitted); |
1755 | } | 1769 | } |
1756 | 1770 | ||
1757 | static inline int security_capable(struct task_struct *tsk, int cap) | 1771 | static inline int security_capable(int cap) |
1758 | { | 1772 | { |
1759 | return cap_capable(tsk, cap, SECURITY_CAP_AUDIT); | 1773 | return cap_capable(cap, SECURITY_CAP_AUDIT); |
1760 | } | 1774 | } |
1761 | 1775 | ||
1762 | static inline int security_capable_noaudit(struct task_struct *tsk, int cap) | 1776 | static inline int security_task_capable(struct task_struct *tsk, int cap) |
1763 | { | 1777 | { |
1764 | return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT); | 1778 | int ret; |
1779 | |||
1780 | rcu_read_lock(); | ||
1781 | ret = cap_task_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_AUDIT); | ||
1782 | rcu_read_unlock(); | ||
1783 | return ret; | ||
1784 | } | ||
1785 | |||
1786 | static inline | ||
1787 | int security_task_capable_noaudit(struct task_struct *tsk, int cap) | ||
1788 | { | ||
1789 | int ret; | ||
1790 | |||
1791 | rcu_read_lock(); | ||
1792 | ret = cap_task_capable(tsk, __task_cred(tsk), cap, | ||
1793 | SECURITY_CAP_NOAUDIT); | ||
1794 | rcu_read_unlock(); | ||
1795 | return ret; | ||
1765 | } | 1796 | } |
1766 | 1797 | ||
1767 | static inline int security_acct(struct file *file) | 1798 | static inline int security_acct(struct file *file) |
diff --git a/kernel/capability.c b/kernel/capability.c index 36b4b4daebec..df62f53f84ac 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
@@ -308,7 +308,7 @@ int capable(int cap) | |||
308 | BUG(); | 308 | BUG(); |
309 | } | 309 | } |
310 | 310 | ||
311 | if (has_capability(current, cap)) { | 311 | if (security_capable(cap) == 0) { |
312 | current->flags |= PF_SUPERPRIV; | 312 | current->flags |= PF_SUPERPRIV; |
313 | return 1; | 313 | return 1; |
314 | } | 314 | } |
diff --git a/security/capability.c b/security/capability.c index 2dce66fcb992..fd1493da4f8d 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -826,6 +826,7 @@ void security_fixup_ops(struct security_operations *ops) | |||
826 | set_to_cap_if_null(ops, capset); | 826 | set_to_cap_if_null(ops, capset); |
827 | set_to_cap_if_null(ops, acct); | 827 | set_to_cap_if_null(ops, acct); |
828 | set_to_cap_if_null(ops, capable); | 828 | set_to_cap_if_null(ops, capable); |
829 | set_to_cap_if_null(ops, task_capable); | ||
829 | set_to_cap_if_null(ops, quotactl); | 830 | set_to_cap_if_null(ops, quotactl); |
830 | set_to_cap_if_null(ops, quota_on); | 831 | set_to_cap_if_null(ops, quota_on); |
831 | set_to_cap_if_null(ops, sysctl); | 832 | set_to_cap_if_null(ops, sysctl); |
diff --git a/security/commoncap.c b/security/commoncap.c index 79713545cd63..7f0b2a68717d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -43,28 +43,44 @@ int cap_netlink_recv(struct sk_buff *skb, int cap) | |||
43 | EXPORT_SYMBOL(cap_netlink_recv); | 43 | EXPORT_SYMBOL(cap_netlink_recv); |
44 | 44 | ||
45 | /** | 45 | /** |
46 | * cap_capable - Determine whether a task has a particular effective capability | 46 | * cap_capable - Determine whether current has a particular effective capability |
47 | * @tsk: The task to query | ||
48 | * @cap: The capability to check for | 47 | * @cap: The capability to check for |
49 | * @audit: Whether to write an audit message or not | 48 | * @audit: Whether to write an audit message or not |
50 | * | 49 | * |
51 | * Determine whether the nominated task has the specified capability amongst | 50 | * Determine whether the nominated task has the specified capability amongst |
52 | * its effective set, returning 0 if it does, -ve if it does not. | 51 | * its effective set, returning 0 if it does, -ve if it does not. Note that |
52 | * this uses current's subjective/effective credentials. | ||
53 | * | 53 | * |
54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() | 54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() |
55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 | 55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 |
56 | * when a task has a capability, but the kernel's capable() returns 1 for this | 56 | * when a task has a capability, but the kernel's capable() returns 1 for this |
57 | * case. | 57 | * case. |
58 | */ | 58 | */ |
59 | int cap_capable(struct task_struct *tsk, int cap, int audit) | 59 | int cap_capable(int cap, int audit) |
60 | { | 60 | { |
61 | __u32 cap_raised; | 61 | return cap_raised(current_cap(), cap) ? 0 : -EPERM; |
62 | } | ||
62 | 63 | ||
63 | /* Derived from include/linux/sched.h:capable. */ | 64 | /** |
64 | rcu_read_lock(); | 65 | * cap_has_capability - Determine whether a task has a particular effective capability |
65 | cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap); | 66 | * @tsk: The task to query |
66 | rcu_read_unlock(); | 67 | * @cred: The credentials to use |
67 | return cap_raised ? 0 : -EPERM; | 68 | * @cap: The capability to check for |
69 | * @audit: Whether to write an audit message or not | ||
70 | * | ||
71 | * Determine whether the nominated task has the specified capability amongst | ||
72 | * its effective set, returning 0 if it does, -ve if it does not. Note that | ||
73 | * this uses the task's objective/real credentials. | ||
74 | * | ||
75 | * NOTE WELL: cap_has_capability() cannot be used like the kernel's | ||
76 | * has_capability() function. That is, it has the reverse semantics: | ||
77 | * cap_has_capability() returns 0 when a task has a capability, but the | ||
78 | * kernel's has_capability() returns 1 for this case. | ||
79 | */ | ||
80 | int cap_task_capable(struct task_struct *tsk, const struct cred *cred, int cap, | ||
81 | int audit) | ||
82 | { | ||
83 | return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; | ||
68 | } | 84 | } |
69 | 85 | ||
70 | /** | 86 | /** |
@@ -160,7 +176,7 @@ static inline int cap_inh_is_capped(void) | |||
160 | /* they are so limited unless the current task has the CAP_SETPCAP | 176 | /* they are so limited unless the current task has the CAP_SETPCAP |
161 | * capability | 177 | * capability |
162 | */ | 178 | */ |
163 | if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) | 179 | if (cap_capable(CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) |
164 | return 0; | 180 | return 0; |
165 | #endif | 181 | #endif |
166 | return 1; | 182 | return 1; |
@@ -869,7 +885,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
869 | & (new->securebits ^ arg2)) /*[1]*/ | 885 | & (new->securebits ^ arg2)) /*[1]*/ |
870 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ | 886 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ |
871 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ | 887 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ |
872 | || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ | 888 | || (cap_capable(CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ |
873 | /* | 889 | /* |
874 | * [1] no changing of bits that are locked | 890 | * [1] no changing of bits that are locked |
875 | * [2] no unlocking of locks | 891 | * [2] no unlocking of locks |
@@ -950,7 +966,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
950 | { | 966 | { |
951 | int cap_sys_admin = 0; | 967 | int cap_sys_admin = 0; |
952 | 968 | ||
953 | if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) | 969 | if (cap_capable(CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) |
954 | cap_sys_admin = 1; | 970 | cap_sys_admin = 1; |
955 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 971 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
956 | } | 972 | } |
diff --git a/security/root_plug.c b/security/root_plug.c index 40fb4f15e27b..559578f8ac66 100644 --- a/security/root_plug.c +++ b/security/root_plug.c | |||
@@ -77,6 +77,7 @@ static struct security_operations rootplug_security_ops = { | |||
77 | .capget = cap_capget, | 77 | .capget = cap_capget, |
78 | .capset = cap_capset, | 78 | .capset = cap_capset, |
79 | .capable = cap_capable, | 79 | .capable = cap_capable, |
80 | .task_capable = cap_task_capable, | ||
80 | 81 | ||
81 | .bprm_set_creds = cap_bprm_set_creds, | 82 | .bprm_set_creds = cap_bprm_set_creds, |
82 | 83 | ||
diff --git a/security/security.c b/security/security.c index d85dbb37c972..9bbc8e57b8c6 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -154,14 +154,31 @@ int security_capset(struct cred *new, const struct cred *old, | |||
154 | effective, inheritable, permitted); | 154 | effective, inheritable, permitted); |
155 | } | 155 | } |
156 | 156 | ||
157 | int security_capable(struct task_struct *tsk, int cap) | 157 | int security_capable(int cap) |
158 | { | 158 | { |
159 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); | 159 | return security_ops->capable(cap, SECURITY_CAP_AUDIT); |
160 | } | 160 | } |
161 | 161 | ||
162 | int security_capable_noaudit(struct task_struct *tsk, int cap) | 162 | int security_task_capable(struct task_struct *tsk, int cap) |
163 | { | 163 | { |
164 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); | 164 | const struct cred *cred; |
165 | int ret; | ||
166 | |||
167 | cred = get_task_cred(tsk); | ||
168 | ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_AUDIT); | ||
169 | put_cred(cred); | ||
170 | return ret; | ||
171 | } | ||
172 | |||
173 | int security_task_capable_noaudit(struct task_struct *tsk, int cap) | ||
174 | { | ||
175 | const struct cred *cred; | ||
176 | int ret; | ||
177 | |||
178 | cred = get_task_cred(tsk); | ||
179 | ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); | ||
180 | put_cred(cred); | ||
181 | return ret; | ||
165 | } | 182 | } |
166 | 183 | ||
167 | int security_acct(struct file *file) | 184 | int security_acct(struct file *file) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index df30a7555d8a..eb6c45107a05 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1433,12 +1433,13 @@ static int current_has_perm(const struct task_struct *tsk, | |||
1433 | 1433 | ||
1434 | /* Check whether a task is allowed to use a capability. */ | 1434 | /* Check whether a task is allowed to use a capability. */ |
1435 | static int task_has_capability(struct task_struct *tsk, | 1435 | static int task_has_capability(struct task_struct *tsk, |
1436 | const struct cred *cred, | ||
1436 | int cap, int audit) | 1437 | int cap, int audit) |
1437 | { | 1438 | { |
1438 | struct avc_audit_data ad; | 1439 | struct avc_audit_data ad; |
1439 | struct av_decision avd; | 1440 | struct av_decision avd; |
1440 | u16 sclass; | 1441 | u16 sclass; |
1441 | u32 sid = task_sid(tsk); | 1442 | u32 sid = cred_sid(cred); |
1442 | u32 av = CAP_TO_MASK(cap); | 1443 | u32 av = CAP_TO_MASK(cap); |
1443 | int rc; | 1444 | int rc; |
1444 | 1445 | ||
@@ -1865,15 +1866,27 @@ static int selinux_capset(struct cred *new, const struct cred *old, | |||
1865 | return cred_has_perm(old, new, PROCESS__SETCAP); | 1866 | return cred_has_perm(old, new, PROCESS__SETCAP); |
1866 | } | 1867 | } |
1867 | 1868 | ||
1868 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) | 1869 | static int selinux_capable(int cap, int audit) |
1870 | { | ||
1871 | int rc; | ||
1872 | |||
1873 | rc = secondary_ops->capable(cap, audit); | ||
1874 | if (rc) | ||
1875 | return rc; | ||
1876 | |||
1877 | return task_has_capability(current, current_cred(), cap, audit); | ||
1878 | } | ||
1879 | |||
1880 | static int selinux_task_capable(struct task_struct *tsk, | ||
1881 | const struct cred *cred, int cap, int audit) | ||
1869 | { | 1882 | { |
1870 | int rc; | 1883 | int rc; |
1871 | 1884 | ||
1872 | rc = secondary_ops->capable(tsk, cap, audit); | 1885 | rc = secondary_ops->task_capable(tsk, cred, cap, audit); |
1873 | if (rc) | 1886 | if (rc) |
1874 | return rc; | 1887 | return rc; |
1875 | 1888 | ||
1876 | return task_has_capability(tsk, cap, audit); | 1889 | return task_has_capability(tsk, cred, cap, audit); |
1877 | } | 1890 | } |
1878 | 1891 | ||
1879 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1892 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
@@ -2037,7 +2050,7 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
2037 | { | 2050 | { |
2038 | int rc, cap_sys_admin = 0; | 2051 | int rc, cap_sys_admin = 0; |
2039 | 2052 | ||
2040 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | 2053 | rc = selinux_capable(CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); |
2041 | if (rc == 0) | 2054 | if (rc == 0) |
2042 | cap_sys_admin = 1; | 2055 | cap_sys_admin = 1; |
2043 | 2056 | ||
@@ -2880,7 +2893,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2880 | * and lack of permission just means that we fall back to the | 2893 | * and lack of permission just means that we fall back to the |
2881 | * in-core context value, not a denial. | 2894 | * in-core context value, not a denial. |
2882 | */ | 2895 | */ |
2883 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); | 2896 | error = selinux_capable(CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
2884 | if (!error) | 2897 | if (!error) |
2885 | error = security_sid_to_context_force(isec->sid, &context, | 2898 | error = security_sid_to_context_force(isec->sid, &context, |
2886 | &size); | 2899 | &size); |
@@ -5568,6 +5581,7 @@ static struct security_operations selinux_ops = { | |||
5568 | .capset = selinux_capset, | 5581 | .capset = selinux_capset, |
5569 | .sysctl = selinux_sysctl, | 5582 | .sysctl = selinux_sysctl, |
5570 | .capable = selinux_capable, | 5583 | .capable = selinux_capable, |
5584 | .task_capable = selinux_task_capable, | ||
5571 | .quotactl = selinux_quotactl, | 5585 | .quotactl = selinux_quotactl, |
5572 | .quota_on = selinux_quota_on, | 5586 | .quota_on = selinux_quota_on, |
5573 | .syslog = selinux_syslog, | 5587 | .syslog = selinux_syslog, |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6bfaba6177c2..7f12cc7015b6 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -2827,6 +2827,7 @@ struct security_operations smack_ops = { | |||
2827 | .capget = cap_capget, | 2827 | .capget = cap_capget, |
2828 | .capset = cap_capset, | 2828 | .capset = cap_capset, |
2829 | .capable = cap_capable, | 2829 | .capable = cap_capable, |
2830 | .task_capable = cap_task_capable, | ||
2830 | .syslog = smack_syslog, | 2831 | .syslog = smack_syslog, |
2831 | .settime = cap_settime, | 2832 | .settime = cap_settime, |
2832 | .vm_enough_memory = cap_vm_enough_memory, | 2833 | .vm_enough_memory = cap_vm_enough_memory, |