Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- net/caif/caif_socket.c | 2 +- net/unix/scm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 2b8892d502f7..60498148126c 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -1036,7 +1036,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, .usersize = sizeof_field(struct caifsock, conn_req.param) }; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN)) + if (!capable_or(CAP_NET_ADMIN, CAP_SYS_ADMIN)) return -EPERM; /* * The sock->type specifies the socket type to use. diff --git a/net/unix/scm.c b/net/unix/scm.c index aa27a02478dc..821be80e6c85 100644 --- a/net/unix/scm.c +++ b/net/unix/scm.c @@ -99,7 +99,7 @@ static inline bool too_many_unix_fds(struct task_struct *p) struct user_struct *user = current_user(); if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); + return !capable_or(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); return false; } -- 2.36.0