On Tue, 2009-02-10 at 09:06 -0500, Stephen Smalley wrote: > On Mon, 2009-02-09 at 16:37 -0500, Eric Paris wrote: > > For cleanliness and efficiency remove all calls to secondary-> and instead > > call capabilities code directly. capabilities are the only module that > > selinux stacks with and so the code should not indicate that other stacking > > might be possible. > > > > Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> > > --- > > > > security/selinux/hooks.c | 28 ++++++++++++++-------------- > > 1 files changed, 14 insertions(+), 14 deletions(-) > > > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index 6e6847d..e2bdb28 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c > > @@ -2087,7 +2087,7 @@ static int selinux_syslog(int type) > > * mapping. 0 means there is enough memory for the allocation to > > * succeed and -ENOMEM implies there is not. > > * > > - * Note that secondary_ops->capable and task_has_perm_noaudit return 0 > > + * Note that cap_capable and task_has_perm_noaudit return 0 > > This part of the comment is a bit out of date - at this point we are > just calling selinux_capable(...SECURITY_CAP_NOAUDIT) rather than > separately calling cap_capable() and task_has_perm_noaudit(). version 2 will redo the comment completely. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
