diff options
-rw-r--r-- | include/linux/capability.h | 17 | ||||
-rw-r--r-- | include/linux/security.h | 49 | ||||
-rw-r--r-- | kernel/capability.c | 2 | ||||
-rw-r--r-- | security/capability.c | 1 | ||||
-rw-r--r-- | security/commoncap.c | 42 | ||||
-rw-r--r-- | security/root_plug.c | 1 | ||||
-rw-r--r-- | security/security.c | 25 | ||||
-rw-r--r-- | security/selinux/hooks.c | 26 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 1 |
9 files changed, 35 insertions, 129 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index 5b8a13214451..e22f48c2a46f 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
@@ -529,21 +529,8 @@ extern const kernel_cap_t __cap_init_eff_set; | |||
529 | * | 529 | * |
530 | * Note that this does not set PF_SUPERPRIV on the task. | 530 | * Note that this does not set PF_SUPERPRIV on the task. |
531 | */ | 531 | */ |
532 | #define has_capability(t, cap) (security_task_capable((t), (cap)) == 0) | 532 | #define has_capability(t, cap) (security_capable((t), (cap)) == 0) |
533 | 533 | #define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0) | |
534 | /** | ||
535 | * has_capability_noaudit - Determine if a task has a superior capability available (unaudited) | ||
536 | * @t: The task in question | ||
537 | * @cap: The capability to be tested for | ||
538 | * | ||
539 | * Return true if the specified task has the given superior capability | ||
540 | * currently in effect, false if not, but don't write an audit message for the | ||
541 | * check. | ||
542 | * | ||
543 | * Note that this does not set PF_SUPERPRIV on the task. | ||
544 | */ | ||
545 | #define has_capability_noaudit(t, cap) \ | ||
546 | (security_task_capable_noaudit((t), (cap)) == 0) | ||
547 | 534 | ||
548 | extern int capable(int cap); | 535 | extern int capable(int cap); |
549 | 536 | ||
diff --git a/include/linux/security.h b/include/linux/security.h index 76989b8bc34f..3416cb85e77b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -48,9 +48,7 @@ struct audit_krule; | |||
48 | * These functions are in security/capability.c and are used | 48 | * These functions are in security/capability.c and are used |
49 | * as the default capabilities functions | 49 | * as the default capabilities functions |
50 | */ | 50 | */ |
51 | extern int cap_capable(int cap, int audit); | 51 | extern int cap_capable(struct task_struct *tsk, int cap, int audit); |
52 | extern int cap_task_capable(struct task_struct *tsk, const struct cred *cred, | ||
53 | int cap, int audit); | ||
54 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 52 | extern int cap_settime(struct timespec *ts, struct timezone *tz); |
55 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); |
56 | extern int cap_ptrace_traceme(struct task_struct *parent); | 54 | extern int cap_ptrace_traceme(struct task_struct *parent); |
@@ -1197,18 +1195,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1197 | * @permitted contains the permitted capability set. | 1195 | * @permitted contains the permitted capability set. |
1198 | * Return 0 and update @new if permission is granted. | 1196 | * Return 0 and update @new if permission is granted. |
1199 | * @capable: | 1197 | * @capable: |
1200 | * Check whether the current process has the @cap capability in its | 1198 | * Check whether the @tsk process has the @cap capability. |
1201 | * subjective/effective credentials. | ||
1202 | * @cap contains the capability <include/linux/capability.h>. | ||
1203 | * @audit: Whether to write an audit message or not | ||
1204 | * Return 0 if the capability is granted for @tsk. | ||
1205 | * @task_capable: | ||
1206 | * Check whether the @tsk process has the @cap capability in its | ||
1207 | * objective/real credentials. | ||
1208 | * @tsk contains the task_struct for the process. | 1199 | * @tsk contains the task_struct for the process. |
1209 | * @cred contains the credentials to use. | ||
1210 | * @cap contains the capability <include/linux/capability.h>. | 1200 | * @cap contains the capability <include/linux/capability.h>. |
1211 | * @audit: Whether to write an audit message or not | ||
1212 | * Return 0 if the capability is granted for @tsk. | 1201 | * Return 0 if the capability is granted for @tsk. |
1213 | * @acct: | 1202 | * @acct: |
1214 | * Check permission before enabling or disabling process accounting. If | 1203 | * Check permission before enabling or disabling process accounting. If |
@@ -1301,9 +1290,7 @@ struct security_operations { | |||
1301 | const kernel_cap_t *effective, | 1290 | const kernel_cap_t *effective, |
1302 | const kernel_cap_t *inheritable, | 1291 | const kernel_cap_t *inheritable, |
1303 | const kernel_cap_t *permitted); | 1292 | const kernel_cap_t *permitted); |
1304 | int (*capable) (int cap, int audit); | 1293 | int (*capable) (struct task_struct *tsk, int cap, int audit); |
1305 | int (*task_capable) (struct task_struct *tsk, const struct cred *cred, | ||
1306 | int cap, int audit); | ||
1307 | int (*acct) (struct file *file); | 1294 | int (*acct) (struct file *file); |
1308 | int (*sysctl) (struct ctl_table *table, int op); | 1295 | int (*sysctl) (struct ctl_table *table, int op); |
1309 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); | 1296 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); |
@@ -1569,9 +1556,8 @@ int security_capset(struct cred *new, const struct cred *old, | |||
1569 | const kernel_cap_t *effective, | 1556 | const kernel_cap_t *effective, |
1570 | const kernel_cap_t *inheritable, | 1557 | const kernel_cap_t *inheritable, |
1571 | const kernel_cap_t *permitted); | 1558 | const kernel_cap_t *permitted); |
1572 | int security_capable(int cap); | 1559 | int security_capable(struct task_struct *tsk, int cap); |
1573 | int security_task_capable(struct task_struct *tsk, int cap); | 1560 | int security_capable_noaudit(struct task_struct *tsk, int cap); |
1574 | int security_task_capable_noaudit(struct task_struct *tsk, int cap); | ||
1575 | int security_acct(struct file *file); | 1561 | int security_acct(struct file *file); |
1576 | int security_sysctl(struct ctl_table *table, int op); | 1562 | int security_sysctl(struct ctl_table *table, int op); |
1577 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1563 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
@@ -1768,31 +1754,14 @@ static inline int security_capset(struct cred *new, | |||
1768 | return cap_capset(new, old, effective, inheritable, permitted); | 1754 | return cap_capset(new, old, effective, inheritable, permitted); |
1769 | } | 1755 | } |
1770 | 1756 | ||
1771 | static inline int security_capable(int cap) | 1757 | static inline int security_capable(struct task_struct *tsk, int cap) |
1772 | { | 1758 | { |
1773 | return cap_capable(cap, SECURITY_CAP_AUDIT); | 1759 | return cap_capable(tsk, cap, SECURITY_CAP_AUDIT); |
1774 | } | 1760 | } |
1775 | 1761 | ||
1776 | static inline int security_task_capable(struct task_struct *tsk, int cap) | 1762 | static inline int security_capable_noaudit(struct task_struct *tsk, int cap) |
1777 | { | 1763 | { |
1778 | int ret; | 1764 | return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
1779 | |||
1780 | rcu_read_lock(); | ||
1781 | ret = cap_task_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_AUDIT); | ||
1782 | rcu_read_unlock(); | ||
1783 | return ret; | ||
1784 | } | ||
1785 | |||
1786 | static inline | ||
1787 | int security_task_capable_noaudit(struct task_struct *tsk, int cap) | ||
1788 | { | ||
1789 | int ret; | ||
1790 | |||
1791 | rcu_read_lock(); | ||
1792 | ret = cap_task_capable(tsk, __task_cred(tsk), cap, | ||
1793 | SECURITY_CAP_NOAUDIT); | ||
1794 | rcu_read_unlock(); | ||
1795 | return ret; | ||
1796 | } | 1765 | } |
1797 | 1766 | ||
1798 | static inline int security_acct(struct file *file) | 1767 | static inline int security_acct(struct file *file) |
diff --git a/kernel/capability.c b/kernel/capability.c index df62f53f84ac..36b4b4daebec 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
@@ -308,7 +308,7 @@ int capable(int cap) | |||
308 | BUG(); | 308 | BUG(); |
309 | } | 309 | } |
310 | 310 | ||
311 | if (security_capable(cap) == 0) { | 311 | if (has_capability(current, cap)) { |
312 | current->flags |= PF_SUPERPRIV; | 312 | current->flags |= PF_SUPERPRIV; |
313 | return 1; | 313 | return 1; |
314 | } | 314 | } |
diff --git a/security/capability.c b/security/capability.c index fd1493da4f8d..2dce66fcb992 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -826,7 +826,6 @@ void security_fixup_ops(struct security_operations *ops) | |||
826 | set_to_cap_if_null(ops, capset); | 826 | set_to_cap_if_null(ops, capset); |
827 | set_to_cap_if_null(ops, acct); | 827 | set_to_cap_if_null(ops, acct); |
828 | set_to_cap_if_null(ops, capable); | 828 | set_to_cap_if_null(ops, capable); |
829 | set_to_cap_if_null(ops, task_capable); | ||
830 | set_to_cap_if_null(ops, quotactl); | 829 | set_to_cap_if_null(ops, quotactl); |
831 | set_to_cap_if_null(ops, quota_on); | 830 | set_to_cap_if_null(ops, quota_on); |
832 | set_to_cap_if_null(ops, sysctl); | 831 | set_to_cap_if_null(ops, sysctl); |
diff --git a/security/commoncap.c b/security/commoncap.c index 7f0b2a68717d..79713545cd63 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -43,44 +43,28 @@ int cap_netlink_recv(struct sk_buff *skb, int cap) | |||
43 | EXPORT_SYMBOL(cap_netlink_recv); | 43 | EXPORT_SYMBOL(cap_netlink_recv); |
44 | 44 | ||
45 | /** | 45 | /** |
46 | * cap_capable - Determine whether current has a particular effective capability | 46 | * cap_capable - Determine whether a task has a particular effective capability |
47 | * @tsk: The task to query | ||
47 | * @cap: The capability to check for | 48 | * @cap: The capability to check for |
48 | * @audit: Whether to write an audit message or not | 49 | * @audit: Whether to write an audit message or not |
49 | * | 50 | * |
50 | * Determine whether the nominated task has the specified capability amongst | 51 | * Determine whether the nominated task has the specified capability amongst |
51 | * its effective set, returning 0 if it does, -ve if it does not. Note that | 52 | * its effective set, returning 0 if it does, -ve if it does not. |
52 | * this uses current's subjective/effective credentials. | ||
53 | * | 53 | * |
54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() | 54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() |
55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 | 55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 |
56 | * when a task has a capability, but the kernel's capable() returns 1 for this | 56 | * when a task has a capability, but the kernel's capable() returns 1 for this |
57 | * case. | 57 | * case. |
58 | */ | 58 | */ |
59 | int cap_capable(int cap, int audit) | 59 | int cap_capable(struct task_struct *tsk, int cap, int audit) |
60 | { | 60 | { |
61 | return cap_raised(current_cap(), cap) ? 0 : -EPERM; | 61 | __u32 cap_raised; |
62 | } | ||
63 | 62 | ||
64 | /** | 63 | /* Derived from include/linux/sched.h:capable. */ |
65 | * cap_has_capability - Determine whether a task has a particular effective capability | 64 | rcu_read_lock(); |
66 | * @tsk: The task to query | 65 | cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap); |
67 | * @cred: The credentials to use | 66 | rcu_read_unlock(); |
68 | * @cap: The capability to check for | 67 | return cap_raised ? 0 : -EPERM; |
69 | * @audit: Whether to write an audit message or not | ||
70 | * | ||
71 | * Determine whether the nominated task has the specified capability amongst | ||
72 | * its effective set, returning 0 if it does, -ve if it does not. Note that | ||
73 | * this uses the task's objective/real credentials. | ||
74 | * | ||
75 | * NOTE WELL: cap_has_capability() cannot be used like the kernel's | ||
76 | * has_capability() function. That is, it has the reverse semantics: | ||
77 | * cap_has_capability() returns 0 when a task has a capability, but the | ||
78 | * kernel's has_capability() returns 1 for this case. | ||
79 | */ | ||
80 | int cap_task_capable(struct task_struct *tsk, const struct cred *cred, int cap, | ||
81 | int audit) | ||
82 | { | ||
83 | return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; | ||
84 | } | 68 | } |
85 | 69 | ||
86 | /** | 70 | /** |
@@ -176,7 +160,7 @@ static inline int cap_inh_is_capped(void) | |||
176 | /* they are so limited unless the current task has the CAP_SETPCAP | 160 | /* they are so limited unless the current task has the CAP_SETPCAP |
177 | * capability | 161 | * capability |
178 | */ | 162 | */ |
179 | if (cap_capable(CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) | 163 | if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) |
180 | return 0; | 164 | return 0; |
181 | #endif | 165 | #endif |
182 | return 1; | 166 | return 1; |
@@ -885,7 +869,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
885 | & (new->securebits ^ arg2)) /*[1]*/ | 869 | & (new->securebits ^ arg2)) /*[1]*/ |
886 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ | 870 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ |
887 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ | 871 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ |
888 | || (cap_capable(CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ | 872 | || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ |
889 | /* | 873 | /* |
890 | * [1] no changing of bits that are locked | 874 | * [1] no changing of bits that are locked |
891 | * [2] no unlocking of locks | 875 | * [2] no unlocking of locks |
@@ -966,7 +950,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
966 | { | 950 | { |
967 | int cap_sys_admin = 0; | 951 | int cap_sys_admin = 0; |
968 | 952 | ||
969 | if (cap_capable(CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) | 953 | if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) |
970 | cap_sys_admin = 1; | 954 | cap_sys_admin = 1; |
971 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 955 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
972 | } | 956 | } |
diff --git a/security/root_plug.c b/security/root_plug.c index 559578f8ac66..40fb4f15e27b 100644 --- a/security/root_plug.c +++ b/security/root_plug.c | |||
@@ -77,7 +77,6 @@ static struct security_operations rootplug_security_ops = { | |||
77 | .capget = cap_capget, | 77 | .capget = cap_capget, |
78 | .capset = cap_capset, | 78 | .capset = cap_capset, |
79 | .capable = cap_capable, | 79 | .capable = cap_capable, |
80 | .task_capable = cap_task_capable, | ||
81 | 80 | ||
82 | .bprm_set_creds = cap_bprm_set_creds, | 81 | .bprm_set_creds = cap_bprm_set_creds, |
83 | 82 | ||
diff --git a/security/security.c b/security/security.c index 9bbc8e57b8c6..d85dbb37c972 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -154,31 +154,14 @@ int security_capset(struct cred *new, const struct cred *old, | |||
154 | effective, inheritable, permitted); | 154 | effective, inheritable, permitted); |
155 | } | 155 | } |
156 | 156 | ||
157 | int security_capable(int cap) | 157 | int security_capable(struct task_struct *tsk, int cap) |
158 | { | 158 | { |
159 | return security_ops->capable(cap, SECURITY_CAP_AUDIT); | 159 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); |
160 | } | 160 | } |
161 | 161 | ||
162 | int security_task_capable(struct task_struct *tsk, int cap) | 162 | int security_capable_noaudit(struct task_struct *tsk, int cap) |
163 | { | 163 | { |
164 | const struct cred *cred; | 164 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
165 | int ret; | ||
166 | |||
167 | cred = get_task_cred(tsk); | ||
168 | ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_AUDIT); | ||
169 | put_cred(cred); | ||
170 | return ret; | ||
171 | } | ||
172 | |||
173 | int security_task_capable_noaudit(struct task_struct *tsk, int cap) | ||
174 | { | ||
175 | const struct cred *cred; | ||
176 | int ret; | ||
177 | |||
178 | cred = get_task_cred(tsk); | ||
179 | ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); | ||
180 | put_cred(cred); | ||
181 | return ret; | ||
182 | } | 165 | } |
183 | 166 | ||
184 | int security_acct(struct file *file) | 167 | int security_acct(struct file *file) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index eb6c45107a05..df30a7555d8a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1433,13 +1433,12 @@ static int current_has_perm(const struct task_struct *tsk, | |||
1433 | 1433 | ||
1434 | /* Check whether a task is allowed to use a capability. */ | 1434 | /* Check whether a task is allowed to use a capability. */ |
1435 | static int task_has_capability(struct task_struct *tsk, | 1435 | static int task_has_capability(struct task_struct *tsk, |
1436 | const struct cred *cred, | ||
1437 | int cap, int audit) | 1436 | int cap, int audit) |
1438 | { | 1437 | { |
1439 | struct avc_audit_data ad; | 1438 | struct avc_audit_data ad; |
1440 | struct av_decision avd; | 1439 | struct av_decision avd; |
1441 | u16 sclass; | 1440 | u16 sclass; |
1442 | u32 sid = cred_sid(cred); | 1441 | u32 sid = task_sid(tsk); |
1443 | u32 av = CAP_TO_MASK(cap); | 1442 | u32 av = CAP_TO_MASK(cap); |
1444 | int rc; | 1443 | int rc; |
1445 | 1444 | ||
@@ -1866,27 +1865,15 @@ static int selinux_capset(struct cred *new, const struct cred *old, | |||
1866 | return cred_has_perm(old, new, PROCESS__SETCAP); | 1865 | return cred_has_perm(old, new, PROCESS__SETCAP); |
1867 | } | 1866 | } |
1868 | 1867 | ||
1869 | static int selinux_capable(int cap, int audit) | 1868 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) |
1870 | { | ||
1871 | int rc; | ||
1872 | |||
1873 | rc = secondary_ops->capable(cap, audit); | ||
1874 | if (rc) | ||
1875 | return rc; | ||
1876 | |||
1877 | return task_has_capability(current, current_cred(), cap, audit); | ||
1878 | } | ||
1879 | |||
1880 | static int selinux_task_capable(struct task_struct *tsk, | ||
1881 | const struct cred *cred, int cap, int audit) | ||
1882 | { | 1869 | { |
1883 | int rc; | 1870 | int rc; |
1884 | 1871 | ||
1885 | rc = secondary_ops->task_capable(tsk, cred, cap, audit); | 1872 | rc = secondary_ops->capable(tsk, cap, audit); |
1886 | if (rc) | 1873 | if (rc) |
1887 | return rc; | 1874 | return rc; |
1888 | 1875 | ||
1889 | return task_has_capability(tsk, cred, cap, audit); | 1876 | return task_has_capability(tsk, cap, audit); |
1890 | } | 1877 | } |
1891 | 1878 | ||
1892 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1879 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
@@ -2050,7 +2037,7 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
2050 | { | 2037 | { |
2051 | int rc, cap_sys_admin = 0; | 2038 | int rc, cap_sys_admin = 0; |
2052 | 2039 | ||
2053 | rc = selinux_capable(CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | 2040 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); |
2054 | if (rc == 0) | 2041 | if (rc == 0) |
2055 | cap_sys_admin = 1; | 2042 | cap_sys_admin = 1; |
2056 | 2043 | ||
@@ -2893,7 +2880,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2893 | * and lack of permission just means that we fall back to the | 2880 | * and lack of permission just means that we fall back to the |
2894 | * in-core context value, not a denial. | 2881 | * in-core context value, not a denial. |
2895 | */ | 2882 | */ |
2896 | error = selinux_capable(CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); | 2883 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
2897 | if (!error) | 2884 | if (!error) |
2898 | error = security_sid_to_context_force(isec->sid, &context, | 2885 | error = security_sid_to_context_force(isec->sid, &context, |
2899 | &size); | 2886 | &size); |
@@ -5581,7 +5568,6 @@ static struct security_operations selinux_ops = { | |||
5581 | .capset = selinux_capset, | 5568 | .capset = selinux_capset, |
5582 | .sysctl = selinux_sysctl, | 5569 | .sysctl = selinux_sysctl, |
5583 | .capable = selinux_capable, | 5570 | .capable = selinux_capable, |
5584 | .task_capable = selinux_task_capable, | ||
5585 | .quotactl = selinux_quotactl, | 5571 | .quotactl = selinux_quotactl, |
5586 | .quota_on = selinux_quota_on, | 5572 | .quota_on = selinux_quota_on, |
5587 | .syslog = selinux_syslog, | 5573 | .syslog = selinux_syslog, |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 7f12cc7015b6..6bfaba6177c2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -2827,7 +2827,6 @@ struct security_operations smack_ops = { | |||
2827 | .capget = cap_capget, | 2827 | .capget = cap_capget, |
2828 | .capset = cap_capset, | 2828 | .capset = cap_capset, |
2829 | .capable = cap_capable, | 2829 | .capable = cap_capable, |
2830 | .task_capable = cap_task_capable, | ||
2831 | .syslog = smack_syslog, | 2830 | .syslog = smack_syslog, |
2832 | .settime = cap_settime, | 2831 | .settime = cap_settime, |
2833 | .vm_enough_memory = cap_vm_enough_memory, | 2832 | .vm_enough_memory = cap_vm_enough_memory, |