The patch titled
userns: remove unneeded extra argument in selinux's task_has_capability
has been removed from the -mm tree. Its filename was
userns-security-make-capabilities-relative-to-the-user-namespace-remove-unneeded-extra-argument-in-selinuxs-task_has_capability.patch
This patch was dropped because it was folded into userns-security-make-capabilities-relative-to-the-user-namespace.patch
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: userns: remove unneeded extra argument in selinux's task_has_capability
From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxxxxx>
The user_namespace argument is not used by task_has_capability, so get
rid of it. Note that it was spuriously added by the user namespace
patchset, so we're just cleaning up our own mess.
Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Daniel Lezcano <daniel.lezcano@xxxxxxx>
Cc: David Howells <dhowells@xxxxxxxxxx>
Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Cc: James Morris <jmorris@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
security/selinux/hooks.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff -puN security/selinux/hooks.c~userns-security-make-capabilities-relative-to-the-user-namespace-remove-unneeded-extra-argument-in-selinuxs-task_has_capability security/selinux/hooks.c
--- a/security/selinux/hooks.c~userns-security-make-capabilities-relative-to-the-user-namespace-remove-unneeded-extra-argument-in-selinuxs-task_has_capability
+++ a/security/selinux/hooks.c
@@ -1419,7 +1419,6 @@ static int current_has_perm(const struct
/* Check whether a task is allowed to use a capability. */
static int task_has_capability(struct task_struct *tsk,
const struct cred *cred,
- struct user_namespace *ns,
int cap, int audit)
{
struct common_audit_data ad;
@@ -1856,7 +1855,7 @@ static int selinux_capable(struct task_s
if (rc)
return rc;
- return task_has_capability(tsk, cred, ns, cap, audit);
+ return task_has_capability(tsk, cred, cap, audit);
}
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
@@ -2971,8 +2970,8 @@ static int selinux_file_ioctl(struct fil
case KDSKBENT:
case KDSKBSENT:
- error = task_has_capability(current, cred, &init_user_ns,
- CAP_SYS_TTY_CONFIG, SECURITY_CAP_AUDIT);
+ error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
+ SECURITY_CAP_AUDIT);
break;
/* default case assumes that the command will go
_
Patches currently in -mm which might be from serge.hallyn@xxxxxxxxxxxxx are
origin.patch
userns-add-a-user_namespace-as-creator-owner-of-uts_namespace.patch
userns-security-make-capabilities-relative-to-the-user-namespace.patch
userns-allow-sethostname-in-a-container.patch
userns-allow-killing-tasks-in-your-own-or-child-userns.patch
userns-allow-ptrace-from-non-init-user-namespaces.patch
userns-make-has_capability-into-real-functions.patch
userns-user-namespaces-convert-all-capable-checks-in-kernel-sysc.patch
userns-add-a-user-namespace-owner-of-ipc-ns.patch
userns-add-a-user-namespace-owner-of-ipc-ns-dont-define-init_user_ns-in-ipc_namespaceh.patch
userns-user-namespaces-convert-several-capable-calls.patch
userns-user-namespaces-convert-several-capable-calls-checkpatch-fixes.patch
userns-userns-check-user-namespace-for-task-file-uid-equivalence-checks.patch
userns-userns-check-user-namespace-for-task-file-uid-equivalence-checks-checkpatch-fixes.patch
userns-rename-is_owner_or_cap-to-inode_owner_or_capable.patch
userns-rename-is_owner_or_cap-to-inode_owner_or_capable-fix.patch
userns-rename-is_owner_or_cap-to-inode_owner_or_capable-fix-fix.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
