[RFC PATCH 2/2] capability: use new capable_or functionality
Alexei Starovoitov
alexei.starovoitov at gmail.com
Thu Feb 17 17:29:54 UTC 2022
On Thu, Feb 17, 2022 at 6:50 AM Christian Göttsche
<cgzones at googlemail.com> wrote:
>
> Use the new added capable_or macro in appropriate cases, where a task
> is required to have any of two capabilities.
>
> Reorder CAP_SYS_ADMIN last.
>
> TODO: split into subsystem patches.
Yes. Please.
The bpf side picked the existing order because we were aware
of that selinux issue.
Looks like there is no good order that works for all.
So the new helper makes a lot of sense.
> Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT")
More information about the Linux-security-module-archive
mailing list