diff options
| author | Mauro Carvalho Chehab <mchehab@redhat.com> | 2013-04-30 09:00:33 -0300 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab@redhat.com> | 2013-04-30 09:00:33 -0300 |
| commit | aad797c89903d570c17f6affc770eb98afd74e62 (patch) | |
| tree | bddefd4242b0efba1068b5260f831c2697ba4037 /kernel/capability.c | |
| parent | c95789ecd5a979fd718ae09763df3fa50dd97a91 (diff) | |
| parent | c1be5a5b1b355d40e6cf79cc979eb66dafa24ad1 (diff) | |
Merge tag 'v3.9' into v4l_for_linus
Linux 3.9
* tag 'v3.9': (1099 commits)
Linux 3.9
vm: add no-mmu vm_iomap_memory() stub
efivars: only check for duplicates on the registered list
TTY: fix atime/mtime regression
aio: fix possible invalid memory access when DEBUG is enabled
parisc: use spin_lock_irqsave/spin_unlock_irqrestore for PTE updates
parisc: disable -mlong-calls compiler option for kernel modules
parisc: uaccess: fix compiler warnings caused by __put_user casting
parisc: Change kunmap macro to static inline function
parisc: Provide __ucmpdi2 to resolve undefined references in 32 bit builds.
sparc64: Fix missing put_cpu_var() in tlb_batch_add_one() when not batching.
Revert "gpio: pxa: set initcall level to module init"
efi: Check EFI revision in setup_efi_vars
x86, efi: Fix a build warning
Revert "MIPS: page.h: Provide more readable definition for PAGE_MASK."
kernel/hz.bc: ignore.
Linux 3.9-rc8
events: Protect access via task_subsys_state_check()
net: fix incorrect credentials passing
x86, microcode: Verify the family before dispatching microcode patching
...
Diffstat (limited to 'kernel/capability.c')
| -rw-r--r-- | kernel/capability.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 493d97259484..f6c2ce5701e1 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap) EXPORT_SYMBOL(ns_capable); /** + * file_ns_capable - Determine if the file's opener had a capability in effect + * @file: The file we want to check + * @ns: The usernamespace we want the capability in + * @cap: The capability to be tested for + * + * Return true if task that opened the file had a capability in effect + * when the file was opened. + * + * This does not set PF_SUPERPRIV because the caller may not + * actually be privileged. + */ +bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap) +{ + if (WARN_ON_ONCE(!cap_valid(cap))) + return false; + + if (security_capable(file->f_cred, ns, cap) == 0) + return true; + + return false; +} +EXPORT_SYMBOL(file_ns_capable); + +/** * capable - Determine if the current task has a superior capability in effect * @cap: The capability to be tested for * |