On Thu, May 11, 2023 at 7:26 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > Use the new added capable_any function in appropriate cases, where a > task is required to have any of two capabilities. > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > --- > v3: > rename to capable_any() > --- > kernel/bpf/syscall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx> > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c > index 14f39c1e573e..1bd50da05a22 100644 > --- a/kernel/bpf/syscall.c > +++ b/kernel/bpf/syscall.c > @@ -2539,7 +2539,7 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size) > !bpf_capable()) > return -EPERM; > > - if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) > + if (is_net_admin_prog_type(type) && !capable_any(CAP_NET_ADMIN, CAP_SYS_ADMIN)) > return -EPERM; > if (is_perfmon_prog_type(type) && !perfmon_capable()) > return -EPERM; > -- > 2.40.1 >
