On Mon, May 02, 2022 at 06:00:29PM +0200, Christian Göttsche wrote: > Use the new added capable_or function in appropriate cases, where a task > is required to have any of two capabilities. > > Reorder CAP_SYS_ADMIN last. > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Thanks, for 2-8: Reviewed-by: Serge Hallyn <serge@xxxxxxxxxx> though I'd still like to talk about the name :) > --- > net/caif/caif_socket.c | 2 +- > net/unix/scm.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c > index 2b8892d502f7..60498148126c 100644 > --- a/net/caif/caif_socket.c > +++ b/net/caif/caif_socket.c > @@ -1036,7 +1036,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, > .usersize = sizeof_field(struct caifsock, conn_req.param) > }; > > - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN)) > + if (!capable_or(CAP_NET_ADMIN, CAP_SYS_ADMIN)) > return -EPERM; > /* > * The sock->type specifies the socket type to use. > diff --git a/net/unix/scm.c b/net/unix/scm.c > index aa27a02478dc..821be80e6c85 100644 > --- a/net/unix/scm.c > +++ b/net/unix/scm.c > @@ -99,7 +99,7 @@ static inline bool too_many_unix_fds(struct task_struct *p) > struct user_struct *user = current_user(); > > if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) > - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); > + return !capable_or(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); > return false; > } > > -- > 2.36.0
