On Fri, Mar 15, 2024 at 4:39 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > Use the new added capable_any function in appropriate cases, where a > task is required to have any of two capabilities. > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > --- > v3: > - rename to capable_any() > - simplify checkpoint_restore_ns_capable() > --- > include/linux/capability.h | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx> > diff --git a/include/linux/capability.h b/include/linux/capability.h > index eeb958440656..4db0ffb47271 100644 > --- a/include/linux/capability.h > +++ b/include/linux/capability.h > @@ -204,18 +204,17 @@ extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, > extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns); > static inline bool perfmon_capable(void) > { > - return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN); > + return capable_any(CAP_PERFMON, CAP_SYS_ADMIN); > } > > static inline bool bpf_capable(void) > { > - return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); > + return capable_any(CAP_BPF, CAP_SYS_ADMIN); > } > > static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) > { > - return ns_capable(ns, CAP_CHECKPOINT_RESTORE) || > - ns_capable(ns, CAP_SYS_ADMIN); > + return ns_capable_any(ns, CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN); > } > > /* audit system wants to get cap info from files as well */ > -- > 2.43.0 > >