summaryrefslogtreecommitdiff
path: root/kernel/capability.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-01-03 17:25:15 (GMT)
committerEric Paris <eparis@redhat.com>2012-01-05 23:52:55 (GMT)
commit2920a8409de5a51575d03deca07e5bb2be6fc98d (patch)
tree1f16eba518068e7096b6ff200c09d3d31e285586 /kernel/capability.c
parentc7eba4a97563fd8b431787f7ad623444f2da80c6 (diff)
downloadlinux-3.10-2920a8409de5a51575d03deca07e5bb2be6fc98d.zip
linux-3.10-2920a8409de5a51575d03deca07e5bb2be6fc98d.tar.gz
linux-3.10-2920a8409de5a51575d03deca07e5bb2be6fc98d.tar.bz2
capabilities: remove all _real_ interfaces
The name security_real_capable and security_real_capable_noaudit just don't make much sense to me. Convert them to use security_capable and security_capable_noaudit. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Diffstat (limited to 'kernel/capability.c')
-rw-r--r--kernel/capability.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index d983927..ff50ab6 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -298,7 +298,11 @@ error:
*/
bool has_capability(struct task_struct *t, int cap)
{
- int ret = security_real_capable(t, &init_user_ns, cap);
+ int ret;
+
+ rcu_read_lock();
+ ret = security_capable(__task_cred(t), &init_user_ns, cap);
+ rcu_read_unlock();
return (ret == 0);
}
@@ -317,7 +321,11 @@ bool has_capability(struct task_struct *t, int cap)
bool has_ns_capability(struct task_struct *t,
struct user_namespace *ns, int cap)
{
- int ret = security_real_capable(t, ns, cap);
+ int ret;
+
+ rcu_read_lock();
+ ret = security_capable(__task_cred(t), ns, cap);
+ rcu_read_unlock();
return (ret == 0);
}
@@ -335,7 +343,11 @@ bool has_ns_capability(struct task_struct *t,
*/
bool has_capability_noaudit(struct task_struct *t, int cap)
{
- int ret = security_real_capable_noaudit(t, &init_user_ns, cap);
+ int ret;
+
+ rcu_read_lock();
+ ret = security_capable_noaudit(__task_cred(t), &init_user_ns, cap);
+ rcu_read_unlock();
return (ret == 0);
}