[PATCH] security/commoncap: Use current_user_ns()

Denis Efremov efremov at linux.com
Mon Aug 24 12:49:39 UTC 2020


Modify cap_inh_is_capped(), cap_task_prctl() to use current_user_ns().

Signed-off-by: Denis Efremov <efremov at linux.com>
---
 security/commoncap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c
index 59bf3c1674c8..82a61f77c07c 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -220,7 +220,7 @@ static inline int cap_inh_is_capped(void)
 	/* they are so limited unless the current task has the CAP_SETPCAP
 	 * capability
 	 */
-	if (cap_capable(current_cred(), current_cred()->user_ns,
+	if (cap_capable(current_cred(), current_user_ns(),
 			CAP_SETPCAP, CAP_OPT_NONE) == 0)
 		return 0;
 	return 1;
@@ -1206,7 +1206,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 		    || ((old->securebits & SECURE_ALL_LOCKS & ~arg2))	/*[2]*/
 		    || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS))	/*[3]*/
 		    || (cap_capable(current_cred(),
-				    current_cred()->user_ns,
+				    current_user_ns(),
 				    CAP_SETPCAP,
 				    CAP_OPT_NONE) != 0)			/*[4]*/
 			/*
-- 
2.26.2



More information about the Linux-security-module-archive mailing list