| Message ID | 20241219172859.188117-1-linux@treblig.org (mailing list archive) |
|---|---|
| State | Under Review |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [v2] capability: Remove unused has_capability | expand |
On Thu, Dec 19, 2024 at 12:29 PM <linux@treblig.org> wrote: > > From: "Dr. David Alan Gilbert" <linux@treblig.org> > > The vanilla has_capability() function has been unused since 2018's > commit dcb569cf6ac9 ("Smack: ptrace capability use fixes") > > Remove it. > > Fixup a comment in security/commoncap.c that referenced it. > > Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org> > --- > include/linux/capability.h | 5 ----- > kernel/capability.c | 16 ---------------- > security/commoncap.c | 9 +++++---- > 3 files changed, 5 insertions(+), 25 deletions(-) Now that Serge has the capabilities tree back up and running I'm assuming he will grab this patch, if not just let me know Serge and I can take it. Reviewed-by: Paul Moore <paul@paul-moore.com>
On Thu, Dec 19, 2024 at 1:28 PM Paul Moore <paul@paul-moore.com> wrote: > > On Thu, Dec 19, 2024 at 12:29 PM <linux@treblig.org> wrote: > > > > From: "Dr. David Alan Gilbert" <linux@treblig.org> > > > > The vanilla has_capability() function has been unused since 2018's > > commit dcb569cf6ac9 ("Smack: ptrace capability use fixes") > > > > Remove it. > > > > Fixup a comment in security/commoncap.c that referenced it. > > > > Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org> > > --- > > include/linux/capability.h | 5 ----- > > kernel/capability.c | 16 ---------------- > > security/commoncap.c | 9 +++++---- > > 3 files changed, 5 insertions(+), 25 deletions(-) > > Now that Serge has the capabilities tree back up and running I'm > assuming he will grab this patch, if not just let me know Serge and I > can take it. > > Reviewed-by: Paul Moore <paul@paul-moore.com> Bump this thread to make sure Serge sees it ...
On Wed, Feb 26, 2025 at 07:08:52PM -0500, Paul Moore wrote: > On Thu, Dec 19, 2024 at 1:28 PM Paul Moore <paul@paul-moore.com> wrote: > > > > On Thu, Dec 19, 2024 at 12:29 PM <linux@treblig.org> wrote: > > > > > > From: "Dr. David Alan Gilbert" <linux@treblig.org> > > > > > > The vanilla has_capability() function has been unused since 2018's > > > commit dcb569cf6ac9 ("Smack: ptrace capability use fixes") > > > > > > Remove it. > > > > > > Fixup a comment in security/commoncap.c that referenced it. > > > > > > Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org> > > > --- > > > include/linux/capability.h | 5 ----- > > > kernel/capability.c | 16 ---------------- > > > security/commoncap.c | 9 +++++---- > > > 3 files changed, 5 insertions(+), 25 deletions(-) > > > > Now that Serge has the capabilities tree back up and running I'm > > assuming he will grab this patch, if not just let me know Serge and I > > can take it. > > > > Reviewed-by: Paul Moore <paul@paul-moore.com> > > Bump this thread to make sure Serge sees it ... d'oh, sorry, yes Acked-by: Serge Hallyn <serge@hallyn.com> I will apply this now. -serge
* sergeh@kernel.org (sergeh@kernel.org) wrote: > On Wed, Feb 26, 2025 at 07:08:52PM -0500, Paul Moore wrote: > > On Thu, Dec 19, 2024 at 1:28 PM Paul Moore <paul@paul-moore.com> wrote: > > > > > > On Thu, Dec 19, 2024 at 12:29 PM <linux@treblig.org> wrote: > > > > > > > > From: "Dr. David Alan Gilbert" <linux@treblig.org> > > > > > > > > The vanilla has_capability() function has been unused since 2018's > > > > commit dcb569cf6ac9 ("Smack: ptrace capability use fixes") > > > > > > > > Remove it. > > > > > > > > Fixup a comment in security/commoncap.c that referenced it. > > > > > > > > Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org> > > > > --- > > > > include/linux/capability.h | 5 ----- > > > > kernel/capability.c | 16 ---------------- > > > > security/commoncap.c | 9 +++++---- > > > > 3 files changed, 5 insertions(+), 25 deletions(-) > > > > > > Now that Serge has the capabilities tree back up and running I'm > > > assuming he will grab this patch, if not just let me know Serge and I > > > can take it. > > > > > > Reviewed-by: Paul Moore <paul@paul-moore.com> > > > > Bump this thread to make sure Serge sees it ... > > d'oh, sorry, yes > > Acked-by: Serge Hallyn <serge@hallyn.com> > > I will apply this now. Thanks! Dave > -serge
diff --git a/include/linux/capability.h b/include/linux/capability.h index 0c356a517991..1fb08922552c 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -139,7 +139,6 @@ static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a, } #ifdef CONFIG_MULTIUSER -extern bool has_capability(struct task_struct *t, int cap); extern bool has_ns_capability(struct task_struct *t, struct user_namespace *ns, int cap); extern bool has_capability_noaudit(struct task_struct *t, int cap); @@ -150,10 +149,6 @@ extern bool ns_capable(struct user_namespace *ns, int cap); extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); extern bool ns_capable_setid(struct user_namespace *ns, int cap); #else -static inline bool has_capability(struct task_struct *t, int cap) -{ - return true; -} static inline bool has_ns_capability(struct task_struct *t, struct user_namespace *ns, int cap) { diff --git a/kernel/capability.c b/kernel/capability.c index dac4df77e376..67094b628ea9 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -289,22 +289,6 @@ bool has_ns_capability(struct task_struct *t, return (ret == 0); } -/** - * has_capability - Does a task have a capability in init_user_ns - * @t: The task in question - * @cap: The capability to be tested for - * - * Return true if the specified task has the given superior capability - * currently in effect to the initial user namespace, false if not. - * - * Note that this does not set PF_SUPERPRIV on the task. - */ -bool has_capability(struct task_struct *t, int cap) -{ - return has_ns_capability(t, &init_user_ns, cap); -} -EXPORT_SYMBOL(has_capability); - /** * has_ns_capability_noaudit - Does a task have a capability (unaudited) * in a specific user ns. diff --git a/security/commoncap.c b/security/commoncap.c index cefad323a0b1..7019d0e47e62 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -59,10 +59,11 @@ static void warn_setuid_and_fcaps_mixed(const char *fname) * Determine whether the nominated task has the specified capability amongst * its effective set, returning 0 if it does, -ve if it does not. * - * NOTE WELL: cap_has_capability() cannot be used like the kernel's capable() - * and has_capability() functions. That is, it has the reverse semantics: - * cap_has_capability() returns 0 when a task has a capability, but the - * kernel's capable() and has_capability() returns 1 for this case. + * NOTE WELL: cap_capable() has reverse semantics to the capable() call + * and friends. That is cap_capable() returns an int 0 when a task has + * a capability, while the kernel's capable(), has_ns_capability(), + * has_ns_capability_noaudit(), and has_capability_noaudit() return a + * bool true (1) for this case. */ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, int cap, unsigned int opts)