From patchwork Thu May 11 14:25:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13238034 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2CE1DC7EE22 for ; Thu, 11 May 2023 14:27:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238324AbjEKO13 (ORCPT ); Thu, 11 May 2023 10:27:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47062 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238264AbjEKO0y (ORCPT ); Thu, 11 May 2023 10:26:54 -0400 Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F8B310A1F; Thu, 11 May 2023 07:26:39 -0700 (PDT) Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-9619095f479so1394099866b.1; Thu, 11 May 2023 07:26:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683815198; x=1686407198; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=COA3OKhGOWcRWHzvnj/0MR1RJBS6NTQDYtZ3E92nD9k=; b=KprNXu/0rjC72VYIYbLSUyTkcWBQ5X6n2YqUusFCTLphcDoM4whOOylOtBRBO31LJm tecL+59ZQHLa98Ej5kve9mTf02PRKA1IDaBFXmLnDhWb34ivlXQmmnAOd1n9dir3vg5k TZgccFs5V0k8f1j44UY/WAim3TzSOA/qS+EsOLGyqdxgvuLFge8Yty7M4CnMd1iENzQt rcuWf2y/0AA7uls97GtL+ipCeJQVry5uZIEe7WIrWCZls9hLraORJDRSMUER3iLvR9+b UE9Kh7Iy2uC8BtGrX7J6Rt3NV+doenwkdkKGoU1ECfMb1gkzfzSHkFXGHudBU1D3QK0M FRxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815198; x=1686407198; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=COA3OKhGOWcRWHzvnj/0MR1RJBS6NTQDYtZ3E92nD9k=; b=cMXvxIQsHSJBv83Y1WdvFqM8fsu/1xDc0sIzYzBJP8BMbVFy1pN7KiFzMyLAhkRIn1 MPTxHPumgsq8+F+r01zDQc5Mj1lXFfyLb2mvTyAeeaK04a/kW0mqZpplBlf+cx+xnwY8 ffBXZToflcaN/uFv8p3xOJYYAxvkIx06E1inG1crz109BTFlgKPUFcw5M4DIvaeI84fH YmYEmXZ5/N9SNlEK6tPPROxWJmOOjfL0OvZknm3lFJi3O/YiyN1xCw3J3Dgxq7rX8udG 24sP2+rOpRObpAgdHvzU6oCiCk328UbU26M8f7ER8+l5fioUd6bq8GvVbdRn3z6kXjfe fNjQ== X-Gm-Message-State: AC+VfDzUotiGoEbHqDvGwhDZXYdJvHaCyAvKnC18kJhoC61ockUgSBDW i3FcFVq8SmaI+ooGuRXtyJnzY2BWWsyPSA== X-Google-Smtp-Source: ACHHUZ6sJPbIyCLKckLKv3SFQ0McukbNDBAqdKo+FHAKYqkmblP9Ut5oOwEfvILuHIVdb7517MXL+w== X-Received: by 2002:a17:906:5d16:b0:960:f1a6:69df with SMTP id g22-20020a1709065d1600b00960f1a669dfmr23521045ejt.36.1683815198256; Thu, 11 May 2023 07:26:38 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-008-180-228.77.8.pool.telefonica.de. [77.8.180.228]) by smtp.gmail.com with ESMTPSA id hf15-20020a1709072c4f00b0094f58a85bc5sm4056647ejc.180.2023.05.11.07.26.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:26:37 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Alexander Viro , Christian Brauner , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v4 6/9] fs: use new capable_any functionality Date: Thu, 11 May 2023 16:25:29 +0200 Message-Id: <20230511142535.732324-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230511142535.732324-1-cgzones@googlemail.com> References: <20230511142535.732324-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche Acked-by: Christian Brauner --- v3: rename to capable_any() --- fs/pipe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/pipe.c b/fs/pipe.c index ceb17d2dfa19..05c64494d37b 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -776,7 +776,7 @@ bool too_many_pipe_buffers_hard(unsigned long user_bufs) bool pipe_is_unprivileged_user(void) { - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); + return !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); } struct pipe_inode_info *alloc_pipe_info(void)