capabitlies: ns_capable can use the cap helpers rather than lsm call · d2a7009f0b - Gogs

capabitlies: ns_capable can use the cap helpers rather than lsm call

Just to reduce the number of places to change if we every change the LSM
hook, use the capability helpers internally when possible.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>

Eric Paris 13 年之前

父节点

105ddf49cd

当前提交

d2a7009f0b

共有 1 个文件被更改，包括 1 次插入 和 1 次删除

分列视图显示文件统计

						
							+ 1
							
							- 1
						
kernel/capability.c
							 
								查看文件
							
				@@ -384,7 +384,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
			
				 		BUG();
			
				 	}
			
				-	if (security_capable(current_cred(), ns, cap) == 0) {
			
				+	if (has_ns_capability(current, ns, cap)) {
			
				 		current->flags |= PF_SUPERPRIV;
			
				 		return true;
			
				 	}