2 files changed, 9 insertions, 14 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 16ee8b49a200..d4675af963fa 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -546,18 +546,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
 extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
 extern bool task_ns_capable(struct task_struct *t, int cap);
+extern bool nsown_capable(int cap);
-/**
- * nsown_capable - Check superior capability to one's own user_ns
- * @cap: The capability in question
- *
- * Return true if the current task has the given superior capability
- * targeted at its own user namespace.
- */
-static inline bool nsown_capable(int cap)
-{
-        return ns_capable(current_user_ns(), cap);
-}
 /* audit system wants to get cap info from files as well */
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 9aeeb0ba2003..be16b61283cc 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -146,6 +146,7 @@ struct cred {
        void            *security;      /* subjective LSM security */
 #endif
        struct user_struct *user;       /* real user ID subscription */
+        struct user_namespace *user_ns; /* cached user->user_ns */
        struct group_info *group_info;  /* supplementary groups for euid/fsgid */
        struct rcu_head rcu;            /* RCU deletion hook */
 };
@@ -354,10 +355,15 @@ static inline void put_cred(const struct cred *_cred)
 #define current_fsgid()         (current_cred_xxx(fsgid))
 #define current_cap()           (current_cred_xxx(cap_effective))
 #define current_user()          (current_cred_xxx(user))
-#define _current_user_ns()      (current_cred_xxx(user)->user_ns)
 #define current_security()      (current_cred_xxx(security))
-extern struct user_namespace *current_user_ns(void);
+#ifdef CONFIG_USER_NS
+#define current_user_ns() (current_cred_xxx(user_ns))
+#else
+extern struct user_namespace init_user_ns;
+#define current_user_ns() (&init_user_ns)
+#endif
 #define current_uid_gid(_uid, _gid)             \
 do {                                            \

diff --git a/include/linux/capability.h b/include/linux/capability.h index 16ee8b49a200..d4675af963fa 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h
@@ -546,18 +546,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
546	extern bool capable(int cap);	546	extern bool capable(int cap);
547	extern bool ns_capable(struct user_namespace *ns, int cap);	547	extern bool ns_capable(struct user_namespace *ns, int cap);
548	extern bool task_ns_capable(struct task_struct *t, int cap);	548	extern bool task_ns_capable(struct task_struct *t, int cap);
549		549	extern bool nsown_capable(int cap);
550	/**
551	* nsown_capable - Check superior capability to one's own user_ns
552	* @cap: The capability in question
553	*
554	* Return true if the current task has the given superior capability
555	* targeted at its own user namespace.
556	*/
557	static inline bool nsown_capable(int cap)
558	{
559	return ns_capable(current_user_ns(), cap);
560	}
561		550
562	/* audit system wants to get cap info from files as well */	551	/* audit system wants to get cap info from files as well */
563	extern int get_vfs_caps_from_disk(const struct dentry dentry, struct cpu_vfs_cap_data cpu_caps);	552	extern int get_vfs_caps_from_disk(const struct dentry dentry, struct cpu_vfs_cap_data cpu_caps);


diff --git a/include/linux/cred.h b/include/linux/cred.h index 9aeeb0ba2003..be16b61283cc 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h
@@ -146,6 +146,7 @@ struct cred {
146	void security; / subjective LSM security */	146	void security; / subjective LSM security */
147	#endif	147	#endif
148	struct user_struct user; / real user ID subscription */	148	struct user_struct user; / real user ID subscription */
		149	struct user_namespace user_ns; / cached user->user_ns */
149	struct group_info group_info; / supplementary groups for euid/fsgid */	150	struct group_info group_info; / supplementary groups for euid/fsgid */
150	struct rcu_head rcu; /* RCU deletion hook */	151	struct rcu_head rcu; /* RCU deletion hook */
151	};	152	};
@@ -354,10 +355,15 @@ static inline void put_cred(const struct cred *_cred)
354	#define current_fsgid() (current_cred_xxx(fsgid))	355	#define current_fsgid() (current_cred_xxx(fsgid))
355	#define current_cap() (current_cred_xxx(cap_effective))	356	#define current_cap() (current_cred_xxx(cap_effective))
356	#define current_user() (current_cred_xxx(user))	357	#define current_user() (current_cred_xxx(user))
357	#define _current_user_ns() (current_cred_xxx(user)->user_ns)
358	#define current_security() (current_cred_xxx(security))	358	#define current_security() (current_cred_xxx(security))
359		359
360	extern struct user_namespace *current_user_ns(void);	360	#ifdef CONFIG_USER_NS
		361	#define current_user_ns() (current_cred_xxx(user_ns))
		362	#else
		363	extern struct user_namespace init_user_ns;
		364	#define current_user_ns() (&init_user_ns)
		365	#endif
		366
361		367
362	#define current_uid_gid(_uid, _gid) \	368	#define current_uid_gid(_uid, _gid) \
363	do { \	369	do { \