diff options
Diffstat (limited to 'security/apparmor')
| -rw-r--r-- | security/apparmor/lsm.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index d21a427a35ae..ae3a698415e6 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
| @@ -22,6 +22,7 @@ | |||
| 22 | #include <linux/ctype.h> | 22 | #include <linux/ctype.h> |
| 23 | #include <linux/sysctl.h> | 23 | #include <linux/sysctl.h> |
| 24 | #include <linux/audit.h> | 24 | #include <linux/audit.h> |
| 25 | #include <linux/user_namespace.h> | ||
| 25 | #include <net/sock.h> | 26 | #include <net/sock.h> |
| 26 | 27 | ||
| 27 | #include "include/apparmor.h" | 28 | #include "include/apparmor.h" |
| @@ -136,11 +137,11 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective, | |||
| 136 | } | 137 | } |
| 137 | 138 | ||
| 138 | static int apparmor_capable(struct task_struct *task, const struct cred *cred, | 139 | static int apparmor_capable(struct task_struct *task, const struct cred *cred, |
| 139 | int cap, int audit) | 140 | struct user_namespace *ns, int cap, int audit) |
| 140 | { | 141 | { |
| 141 | struct aa_profile *profile; | 142 | struct aa_profile *profile; |
| 142 | /* cap_capable returns 0 on success, else -EPERM */ | 143 | /* cap_capable returns 0 on success, else -EPERM */ |
| 143 | int error = cap_capable(task, cred, cap, audit); | 144 | int error = cap_capable(task, cred, ns, cap, audit); |
| 144 | if (!error) { | 145 | if (!error) { |
| 145 | profile = aa_cred_profile(cred); | 146 | profile = aa_cred_profile(cred); |
| 146 | if (!unconfined(profile)) | 147 | if (!unconfined(profile)) |