On Fri, Mar 15, 2024 at 4:39 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> v3:
> - rename to capable_any()
> - simplify checkpoint_restore_ns_capable()
> ---
> include/linux/capability.h | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index eeb958440656..4db0ffb47271 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -204,18 +204,17 @@ extern bool file_ns_capable(const struct file *file, struct user_namespace *ns,
> extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
> static inline bool perfmon_capable(void)
> {
> - return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
> + return capable_any(CAP_PERFMON, CAP_SYS_ADMIN);
> }
>
> static inline bool bpf_capable(void)
> {
> - return capable(CAP_BPF) || capable(CAP_SYS_ADMIN);
> + return capable_any(CAP_BPF, CAP_SYS_ADMIN);
> }
>
> static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns)
> {
> - return ns_capable(ns, CAP_CHECKPOINT_RESTORE) ||
> - ns_capable(ns, CAP_SYS_ADMIN);
> + return ns_capable_any(ns, CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN);
> }
>
> /* audit system wants to get cap info from files as well */
> --
> 2.43.0
>
>
