mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-07-04 21:31:51 +00:00
capabilities: remove task_ns_* functions
task_ in the front of a function, in the security subsystem anyway, means to me at least, that we are operating with that task as the subject of the security decision. In this case what it means is that we are using current as the subject but we use the task to get the right namespace. Who in the world would ever realize that's what task_ns_capability means just by the name? This patch eliminates the task_ns functions entirely and uses the has_ns_capability function instead. This means we explicitly open code the ns in question in the caller. I think it makes the caller a LOT more clear what is going on. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
This commit is contained in:
Eric Paris
parent
d2a7009f0b
commit
f1c84dae0e
5 changed files with 7 additions and 20 deletions
|
|
@ -547,7 +547,6 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
|
|||
struct user_namespace *ns, int cap);
|
||||
extern bool capable(int cap);
|
||||
extern bool ns_capable(struct user_namespace *ns, int cap);
|
||||
extern bool task_ns_capable(struct task_struct *t, int cap);
|
||||
extern bool nsown_capable(int cap);
|
||||
|
||||
/* audit system wants to get cap info from files as well */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue