On Thu, Feb 10, 2022 at 02:14:05AM +0100, Solar Designer <solar@xxxxxxxxxxxx> wrote: > However, I think you need to drop the negations of the return value from > security_capable(). > security_capable() returns 0 or -EPERM, while capable() returns a > bool, in kernel/capability.c: ns_capable_common(): Oops. Yeah, I only blindly applied replacement with a predicate for (new) cred and overlooked this inverse semantics. Thanks for pointing that out to me! Nevertheless, this will likely be incorporated via Eric's series anyway. Michal
