2 files changed, 13 insertions, 0 deletions

diff --git a/include/linux/security.h b/include/linux/security.h
index ee969ff40a26..caff54eee686 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1668,6 +1668,8 @@ int security_capset(struct cred *new, const struct cred *old,
                     const kernel_cap_t *permitted);
 int security_capable(const struct cred *cred, struct user_namespace *ns,
                         int cap);
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
+                             int cap);
 int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
                         int cap);
 int security_real_capable_noaudit(struct task_struct *tsk,
@@ -1869,6 +1871,11 @@ static inline int security_capable(const struct cred *cred,
         return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 }
 
+static inline int security_capable_noaudit(const struct cred *cred,
+                                           struct user_namespace *ns, int cap) {
+        return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
+}
+
 static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
 {
         int ret;
diff --git a/security/security.c b/security/security.c
index b9e57f4fc44a..b7edaae77d1d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -160,6 +160,12 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
         return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 }
 
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
+                             int cap)
+{
+        return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
+}
+
 int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
                           int cap)
 {