[PATCH v3 5/8] fs: use new capable_any functionality

Christian Brauner brauner at kernel.org
Tue Jun 28 12:56:59 UTC 2022


On Wed, Jun 15, 2022 at 05:26:19PM +0200, Christian Göttsche wrote:
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
> 
> Signed-off-by: Christian Göttsche <cgzones at googlemail.com>
> ---

Not seeing the whole patch series so it's a bit difficult to judge but
in general we've needed something like this for quite some time.

> v3:
>    rename to capable_any()
> ---
>  fs/pipe.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/pipe.c b/fs/pipe.c
> index 74ae9fafd25a..18ab3baeec44 100644
> --- a/fs/pipe.c
> +++ b/fs/pipe.c
> @@ -776,7 +776,7 @@ bool too_many_pipe_buffers_hard(unsigned long user_bufs)
>  
>  bool pipe_is_unprivileged_user(void)
>  {
> -	return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
> +	return !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN);
>  }
>  
>  struct pipe_inode_info *alloc_pipe_info(void)
> -- 
> 2.36.1
> 



More information about the Linux-security-module-archive mailing list