Message ID | 20240315113828.258005-7-cgzones@googlemail.com (mailing list archive) |
---|---|
State | New |
Delegated to: | Paul Moore |
Headers | show |
Series | [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY | expand |
On Fri, Mar 15, 2024 at 5:39 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > Use the new added capable_any function in appropriate cases, where a > task is required to have any of two capabilities. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > Reviewed-by: Christian Brauner <brauner@kernel.org> Reviewed-by: Tycho Andersen <tandersen@netflix.com>
diff --git a/kernel/fork.c b/kernel/fork.c index 39a5046c2f0b..645ab8060407 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2257,7 +2257,7 @@ __latent_entropy struct task_struct *copy_process( retval = -EAGAIN; if (is_rlimit_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) { if (p->real_cred->user != INIT_USER && - !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN)) goto bad_fork_cleanup_count; } current->flags &= ~PF_NPROC_EXCEEDED;