[v4,6/9] fs: use new capable_any functionality

Message ID	20230511142535.732324-6-cgzones@googlemail.com (mailing list archive)
State	Handled Elsewhere
Delegated to:	Paul Moore
Headers	show Return-Path: <selinux-owner@vger.kernel.org> From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> To: selinux@vger.kernel.org Cc: Alexander Viro <viro@zeniv.linux.org.uk>, Christian Brauner <brauner@kernel.org>, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v4 6/9] fs: use new capable_any functionality Date: Thu, 11 May 2023 16:25:29 +0200 Message-Id: <20230511142535.732324-6-cgzones@googlemail.com> In-Reply-To: <20230511142535.732324-1-cgzones@googlemail.com> References: <20230511142535.732324-1-cgzones@googlemail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[v4,1/9] capability: introduce new capable flag NODENYAUDIT \| expand [v4,1/9] capability: introduce new capable flag NODENYAUDIT [v4,2/9] capability: add any wrapper to test for multiple caps with exactly one audit message [v4,3/9] capability: use new capable_any functionality [v4,4/9] block: use new capable_any functionality [v4,5/9] drivers: use new capable_any functionality [v4,6/9] fs: use new capable_any functionality [v4,7/9] kernel: use new capable_any functionality [v4,8/9] bpf: use new capable_any functionality [v4,9/9] net: use new capable_any functionality

Message ID

20230511142535.732324-6-cgzones@googlemail.com (mailing list archive)

State

Handled Elsewhere

Delegated to:

Paul Moore

Headers

From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <brauner@kernel.org>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        bpf@vger.kernel.org
Subject: [PATCH v4 6/9] fs: use new capable_any functionality
Date: Thu, 11 May 2023 16:25:29 +0200
Message-Id: <20230511142535.732324-6-cgzones@googlemail.com>
In-Reply-To: <20230511142535.732324-1-cgzones@googlemail.com>
References: <20230511142535.732324-1-cgzones@googlemail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[v4,1/9] capability: introduce new capable flag NODENYAUDIT | expand

Commit Message

Christian Göttsche May 11, 2023, 2:25 p.m. UTC

Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v3:
   rename to capable_any()
---
 fs/pipe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Christian Brauner May 15, 2023, 7:56 a.m. UTC | #1

On Thu, May 11, 2023 at 04:25:29PM +0200, Christian Göttsche wrote:
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
> 
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---

Acked-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/pipe.c b/fs/pipe.c
index ceb17d2dfa19..05c64494d37b 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -776,7 +776,7 @@  bool too_many_pipe_buffers_hard(unsigned long user_bufs)
 
 bool pipe_is_unprivileged_user(void)
 {
-	return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
+	return !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN);
 }
 
 struct pipe_inode_info *alloc_pipe_info(void)

[v4,6/9] fs: use new capable_any functionality

Commit Message

Comments

Patch