[PATCH v3 5/8] fs: use new capable_any functionality
Christian Brauner
brauner at kernel.org
Tue Jun 28 12:56:59 UTC 2022
On Wed, Jun 15, 2022 at 05:26:19PM +0200, Christian Göttsche wrote:
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Signed-off-by: Christian Göttsche <cgzones at googlemail.com>
> ---
Not seeing the whole patch series so it's a bit difficult to judge but
in general we've needed something like this for quite some time.
> v3:
> rename to capable_any()
> ---
> fs/pipe.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/pipe.c b/fs/pipe.c
> index 74ae9fafd25a..18ab3baeec44 100644
> --- a/fs/pipe.c
> +++ b/fs/pipe.c
> @@ -776,7 +776,7 @@ bool too_many_pipe_buffers_hard(unsigned long user_bufs)
>
> bool pipe_is_unprivileged_user(void)
> {
> - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
> + return !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN);
> }
>
> struct pipe_inode_info *alloc_pipe_info(void)
> --
> 2.36.1
>
More information about the Linux-security-module-archive
mailing list