diff options
| author |   Eric Paris <eparis@redhat.com> | 2012-01-03 12:25:15 -0500 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2012-01-05 18:52:59 -0500 |
| commit | f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb (patch) | |
| tree | 59d729bb7806e42a13f0ec1657c90b717c314002 /kernel/sched.c | |
| parent | capabitlies: ns_capable can use the cap helpers rather than lsm call (diff) | |
| download | linux-dev-f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb.tar.xz linux-dev-f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb.zip | |
capabilities: remove task_ns_* functions
task_ in the front of a function, in the security subsystem anyway, means
to me at least, that we are operating with that task as the subject of the
security decision. In this case what it means is that we are using current as
the subject but we use the task to get the right namespace. Who in the world
would ever realize that's what task_ns_capability means just by the name? This
patch eliminates the task_ns functions entirely and uses the has_ns_capability
function instead. This means we explicitly open code the ns in question in
the caller. I think it makes the caller a LOT more clear what is going on.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Diffstat (limited to '')
| -rw-r--r-- | kernel/sched.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sched.c b/kernel/sched.c index b50b0f0c9aa9..5670028a9c16 100644 --- a/kernel/sched.c +++ b/kernel/sched.c @@ -5409,7 +5409,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask) goto out_free_cpus_allowed; } retval = -EPERM; - if (!check_same_owner(p) && !task_ns_capable(p, CAP_SYS_NICE)) + if (!check_same_owner(p) && !ns_capable(task_user_ns(p), CAP_SYS_NICE)) goto out_unlock; retval = security_task_setscheduler(p); |