On Tue, Nov 16, 2021 at 09:30:12AM +0000, David Laight wrote: > From: Alistair Delva > > Sent: 15 November 2021 19:09 > ... > > > > - if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN)) > > > > + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) > > > > return -EPERM; > > Isn't the real problem that you actually want to test: > if (!capable(CAP_SYS_NICE | CAP_SYS_ADMIN)) > return -EPERM; > so that you only get the fail 'splat' when neither is set. > > This will be true whenever more than one capability enables something. > > Possibly this needs something like: > int capabale_or(unsigned int, ...); > #define capabale_or(...) capabable_or(__VA_LIST__, ~0u) > > David Right, that's what i was suggesting yesterday. We do this in other places, where we split off a more fine-grained version of a gross capability. If we care enough about the audit messages, then we probably do need a new primitive. -serge
