Re: [PATCH v1 2/2] seccomp: Set PF_SUPERPRIV when checking capability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Oct 30, 2020 at 1:39 PM Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
> Replace the use of security_capable(current_cred(), ...) with
> ns_capable_noaudit() which set PF_SUPERPRIV.
>
> Since commit 98f368e9e263 ("kernel: Add noaudit variant of
> ns_capable()"), a new ns_capable_noaudit() helper is available.  Let's
> use it!
>
> Cc: Jann Horn <jannh@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxxx>
> Cc: Will Drewry <wad@xxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: e2cfabdfd075 ("seccomp: add system call filtering using BPF")
> Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>

Reviewed-by: Jann Horn <jannh@xxxxxxxxxx>
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux