On Mon, May 09, 2022 at 12:15:09PM -0500, Serge E. Hallyn wrote: > On Mon, May 02, 2022 at 06:00:29PM +0200, Christian Göttsche wrote: > > Use the new added capable_or function in appropriate cases, where a task > > is required to have any of two capabilities. > > > > Reorder CAP_SYS_ADMIN last. > > > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > Thanks, for 2-8: > > Reviewed-by: Serge Hallyn <serge@xxxxxxxxxx> > > though I'd still like to talk about the name :) Just checking in - is this being discussed elsewhere? > > --- > > net/caif/caif_socket.c | 2 +- > > net/unix/scm.c | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c > > index 2b8892d502f7..60498148126c 100644 > > --- a/net/caif/caif_socket.c > > +++ b/net/caif/caif_socket.c > > @@ -1036,7 +1036,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, > > .usersize = sizeof_field(struct caifsock, conn_req.param) > > }; > > > > - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN)) > > + if (!capable_or(CAP_NET_ADMIN, CAP_SYS_ADMIN)) > > return -EPERM; > > /* > > * The sock->type specifies the socket type to use. > > diff --git a/net/unix/scm.c b/net/unix/scm.c > > index aa27a02478dc..821be80e6c85 100644 > > --- a/net/unix/scm.c > > +++ b/net/unix/scm.c > > @@ -99,7 +99,7 @@ static inline bool too_many_unix_fds(struct task_struct *p) > > struct user_struct *user = current_user(); > > > > if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) > > - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); > > + return !capable_or(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); > > return false; > > } > > > > -- > > 2.36.0
