The patch titled userns: remove unneeded extra argument in selinux's task_has_capability has been removed from the -mm tree. Its filename was userns-security-make-capabilities-relative-to-the-user-namespace-remove-unneeded-extra-argument-in-selinuxs-task_has_capability.patch This patch was dropped because it was folded into userns-security-make-capabilities-relative-to-the-user-namespace.patch The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: userns: remove unneeded extra argument in selinux's task_has_capability From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxxxxx> The user_namespace argument is not used by task_has_capability, so get rid of it. Note that it was spuriously added by the user namespace patchset, so we're just cleaning up our own mess. Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Daniel Lezcano <daniel.lezcano@xxxxxxx> Cc: David Howells <dhowells@xxxxxxxxxx> Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx> Cc: James Morris <jmorris@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- security/selinux/hooks.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff -puN security/selinux/hooks.c~userns-security-make-capabilities-relative-to-the-user-namespace-remove-unneeded-extra-argument-in-selinuxs-task_has_capability security/selinux/hooks.c --- a/security/selinux/hooks.c~userns-security-make-capabilities-relative-to-the-user-namespace-remove-unneeded-extra-argument-in-selinuxs-task_has_capability +++ a/security/selinux/hooks.c @@ -1419,7 +1419,6 @@ static int current_has_perm(const struct /* Check whether a task is allowed to use a capability. */ static int task_has_capability(struct task_struct *tsk, const struct cred *cred, - struct user_namespace *ns, int cap, int audit) { struct common_audit_data ad; @@ -1856,7 +1855,7 @@ static int selinux_capable(struct task_s if (rc) return rc; - return task_has_capability(tsk, cred, ns, cap, audit); + return task_has_capability(tsk, cred, cap, audit); } static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) @@ -2971,8 +2970,8 @@ static int selinux_file_ioctl(struct fil case KDSKBENT: case KDSKBSENT: - error = task_has_capability(current, cred, &init_user_ns, - CAP_SYS_TTY_CONFIG, SECURITY_CAP_AUDIT); + error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG, + SECURITY_CAP_AUDIT); break; /* default case assumes that the command will go _ Patches currently in -mm which might be from serge.hallyn@xxxxxxxxxxxxx are origin.patch userns-add-a-user_namespace-as-creator-owner-of-uts_namespace.patch userns-security-make-capabilities-relative-to-the-user-namespace.patch userns-allow-sethostname-in-a-container.patch userns-allow-killing-tasks-in-your-own-or-child-userns.patch userns-allow-ptrace-from-non-init-user-namespaces.patch userns-make-has_capability-into-real-functions.patch userns-user-namespaces-convert-all-capable-checks-in-kernel-sysc.patch userns-add-a-user-namespace-owner-of-ipc-ns.patch userns-add-a-user-namespace-owner-of-ipc-ns-dont-define-init_user_ns-in-ipc_namespaceh.patch userns-user-namespaces-convert-several-capable-calls.patch userns-user-namespaces-convert-several-capable-calls-checkpatch-fixes.patch userns-userns-check-user-namespace-for-task-file-uid-equivalence-checks.patch userns-userns-check-user-namespace-for-task-file-uid-equivalence-checks-checkpatch-fixes.patch userns-rename-is_owner_or_cap-to-inode_owner_or_capable.patch userns-rename-is_owner_or_cap-to-inode_owner_or_capable-fix.patch userns-rename-is_owner_or_cap-to-inode_owner_or_capable-fix-fix.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html