Message ID | 20220615152623.311223-5-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Handled Elsewhere |
Delegated to: | Paul Moore |
Headers | show |
Series | [v3,1/8] capability: add any wrapper to test for multiple caps with exactly one audit message | expand |
diff --git a/kernel/fork.c b/kernel/fork.c index 9d44f2d46c69..1665fb4591c7 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2104,7 +2104,7 @@ static __latent_entropy struct task_struct *copy_process( retval = -EAGAIN; if (is_ucounts_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) { if (p->real_cred->user != INIT_USER && - !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN)) goto bad_fork_cleanup_count; } current->flags &= ~PF_NPROC_EXCEEDED;
Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- v3: rename to capable_any() --- kernel/fork.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)