diff mbox series

[07/10] kernel: use new capable_any functionality

Message ID 20240315113828.258005-7-cgzones@googlemail.com (mailing list archive)
State New
Delegated to: Paul Moore
Headers show
Series [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY | expand

Commit Message

Christian Göttsche March 15, 2024, 11:37 a.m. UTC 
Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Christian Brauner <brauner@kernel.org>
---
v3:
   rename to capable_any()
---
 kernel/fork.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Tycho Andersen March 15, 2024, 3:03 p.m. UTC | #1 
On Fri, Mar 15, 2024 at 5:39 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> Reviewed-by: Christian Brauner <brauner@kernel.org>


Reviewed-by: Tycho Andersen <tandersen@netflix.com>
diff mbox series

Patch

diff --git a/kernel/fork.c b/kernel/fork.c
index 39a5046c2f0b..645ab8060407 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2257,7 +2257,7 @@  __latent_entropy struct task_struct *copy_process(
 	retval = -EAGAIN;
 	if (is_rlimit_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) {
 		if (p->real_cred->user != INIT_USER &&
-		    !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN))
+		    !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN))
 			goto bad_fork_cleanup_count;
 	}
 	current->flags &= ~PF_NPROC_EXCEEDED;