On Monday, March 09, 2015 09:35:46 PM Mateusz Guzik wrote:
> Can be used to determine whether two given sets have the same
> capabilities.
>
> Signed-off-by: Mateusz Guzik <mguzik@xxxxxxxxxx>
> ---
> include/linux/capability.h | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index af9f0b9..2fcf941 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -155,6 +155,16 @@ static inline int cap_isclear(const kernel_cap_t a)
> return 1;
> }
>
> +static inline int cap_isequal(const kernel_cap_t a, const kernel_cap_t b)
> +{
> + unsigned __capi;
> + CAP_FOR_EACH_U32(__capi) {
> + if (a.cap[__capi] != b.cap[__capi])
> + return 0;
> + }
> + return 1;
> +}
I realize it is currently only a two pass loop so probably not that big of a
deal, but couldn't you accomplish the same with a memcmp()? I suppose the
above implementation might be faster than those architectures which use the
generic memcmp() implementation, but I wonder if the arch-specific memcmp()
implementations would be faster.
Also, what is the main motivation for this patchset? Do you have a workload
that is being hit hard by prepare_creds()?
--
paul moore
security @ redhat
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
