Thanks Matt for noticing the sbits testcase was screaming at us
about this being broken!
Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
---
kernel/capability.c | 16 ----------------
1 files changed, 0 insertions(+), 16 deletions(-)
diff --git a/kernel/capability.c b/kernel/capability.c
index ccb8907..c39d6b0 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -316,7 +316,6 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
}
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
int apply_securebits(unsigned securebits, struct cred *new)
{
if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
@@ -361,21 +360,6 @@ static inline int restore_cap_bset(kernel_cap_t bset, struct cred *cred)
return 0;
}
-#else /* CONFIG_SECURITY_FILE_CAPABILITIES */
-
-int apply_securebits(unsigned securebits, struct cred *new)
-{
- /* settable securebits not supported */
- return 0;
-}
-
-static inline int restore_cap_bset(kernel_cap_t bset, struct cred *cred)
-{
- /* bounding sets not supported */
- return 0;
-}
-#endif /* CONFIG_SECURITY_FILE_CAPABILITIES */
-
#ifdef CONFIG_CHECKPOINT
static int do_restore_caps(struct ckpt_capabilities *h, struct cred *cred)
{
--
1.6.0.4
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
