1 files changed, 17 insertions, 32 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index fb16a3699b99..d4675af963fa 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -368,6 +368,15 @@ struct cpu_vfs_cap_data {
 #ifdef __KERNEL__
+struct dentry;
+struct user_namespace;
+struct user_namespace *current_user_ns(void);
+extern const kernel_cap_t __cap_empty_set;
+extern const kernel_cap_t __cap_full_set;
+extern const kernel_cap_t __cap_init_eff_set;
 /*
 * Internal kernel functions only
 */
@@ -530,40 +539,16 @@ static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
                           cap_intersect(permitted, __cap_nfsd_set));
 }
-extern const kernel_cap_t __cap_empty_set;
+extern bool has_capability(struct task_struct *t, int cap);
-extern const kernel_cap_t __cap_full_set;
+extern bool has_ns_capability(struct task_struct *t,
-extern const kernel_cap_t __cap_init_eff_set;
+                              struct user_namespace *ns, int cap);
+extern bool has_capability_noaudit(struct task_struct *t, int cap);
-/**
+extern bool capable(int cap);
- * has_capability - Determine if a task has a superior capability available
+extern bool ns_capable(struct user_namespace *ns, int cap);
- * @t: The task in question
+extern bool task_ns_capable(struct task_struct *t, int cap);
- * @cap: The capability to be tested for
+extern bool nsown_capable(int cap);
- *
- * Return true if the specified task has the given superior capability
- * currently in effect, false if not.
- *
- * Note that this does not set PF_SUPERPRIV on the task.
- */
-#define has_capability(t, cap) (security_real_capable((t), (cap)) == 0)
-/**
- * has_capability_noaudit - Determine if a task has a superior capability available (unaudited)
- * @t: The task in question
- * @cap: The capability to be tested for
- *
- * Return true if the specified task has the given superior capability
- * currently in effect, false if not, but don't write an audit message for the
- * check.
- *
- * Note that this does not set PF_SUPERPRIV on the task.
- */
-#define has_capability_noaudit(t, cap) \
-        (security_real_capable_noaudit((t), (cap)) == 0)
-extern int capable(int cap);
 /* audit system wants to get cap info from files as well */
-struct dentry;
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
 #endif /* __KERNEL__ */

diff --git a/include/linux/capability.h b/include/linux/capability.h index fb16a3699b99..d4675af963fa 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h
@@ -368,6 +368,15 @@ struct cpu_vfs_cap_data {
368		368
369	#ifdef __KERNEL__	369	#ifdef __KERNEL__
370		370
		371	struct dentry;
		372	struct user_namespace;
		373
		374	struct user_namespace *current_user_ns(void);
		375
		376	extern const kernel_cap_t __cap_empty_set;
		377	extern const kernel_cap_t __cap_full_set;
		378	extern const kernel_cap_t __cap_init_eff_set;
		379
371	/*	380	/*
372	* Internal kernel functions only	381	* Internal kernel functions only
373	*/	382	*/
@@ -530,40 +539,16 @@ static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
530	cap_intersect(permitted, __cap_nfsd_set));	539	cap_intersect(permitted, __cap_nfsd_set));
531	}	540	}
532		541
533	extern const kernel_cap_t __cap_empty_set;	542	extern bool has_capability(struct task_struct *t, int cap);
534	extern const kernel_cap_t __cap_full_set;	543	extern bool has_ns_capability(struct task_struct *t,
535	extern const kernel_cap_t __cap_init_eff_set;	544	struct user_namespace *ns, int cap);
536		545	extern bool has_capability_noaudit(struct task_struct *t, int cap);
537	/**	546	extern bool capable(int cap);
538	* has_capability - Determine if a task has a superior capability available	547	extern bool ns_capable(struct user_namespace *ns, int cap);
539	* @t: The task in question	548	extern bool task_ns_capable(struct task_struct *t, int cap);
540	* @cap: The capability to be tested for	549	extern bool nsown_capable(int cap);
541	*
542	* Return true if the specified task has the given superior capability
543	* currently in effect, false if not.
544	*
545	* Note that this does not set PF_SUPERPRIV on the task.
546	*/
547	#define has_capability(t, cap) (security_real_capable((t), (cap)) == 0)
548
549	/**
550	* has_capability_noaudit - Determine if a task has a superior capability available (unaudited)
551	* @t: The task in question
552	* @cap: The capability to be tested for
553	*
554	* Return true if the specified task has the given superior capability
555	* currently in effect, false if not, but don't write an audit message for the
556	* check.
557	*
558	* Note that this does not set PF_SUPERPRIV on the task.
559	*/
560	#define has_capability_noaudit(t, cap) \
561	(security_real_capable_noaudit((t), (cap)) == 0)
562
563	extern int capable(int cap);
564		550
565	/* audit system wants to get cap info from files as well */	551	/* audit system wants to get cap info from files as well */
566	struct dentry;
567	extern int get_vfs_caps_from_disk(const struct dentry dentry, struct cpu_vfs_cap_data cpu_caps);	552	extern int get_vfs_caps_from_disk(const struct dentry dentry, struct cpu_vfs_cap_data cpu_caps);
568		553
569	#endif /* __KERNEL__ */	554	#endif /* __KERNEL__ */