From: Christian Göttsche
capable() calls refer to enabled LSMs whether to permit or deny the
request. This is relevant in connection with SELinux, where a
capability check results in a policy decision and by default a denial
message on insufficient permission is issued.
It can lead to three
On Mon, 25 Nov 2024 at 12:31, Richard Weinberger wrote:
>
> - Ursprüngliche Mail -
> > Von: "Christian Göttsche"
> > capable() calls refer to enabled LSMs whether to permit or deny the
> > request. This is relevant in connection with SELinux, where a
From: Christian Göttsche
capable() calls refer to enabled LSMs whether to permit or deny the
request. This is relevant in connection with SELinux, where a
capability check results in a policy decision and by default a denial
message on insufficient permission is issued.
It can lead to three
Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.
Reorder CAP_SYS_ADMIN last.
Signed-off-by: Christian Göttsche
Acked-by: Alexander Gordeev (s390 portion)
---
v4:
Additional usage in kfd_ioctl()
v3:
rename to
On Wed, 19 Jul 2023 at 09:40, Kefeng Wang wrote:
>
> Use the helpers to simplify code.
>
> Cc: Paul Moore
> Cc: Stephen Smalley
> Cc: Eric Paris
> Acked-by: Paul Moore
> Signed-off-by: Kefeng Wang
> ---
> security/selinux/hooks.c | 7 ++-
> 1 file changed, 2 insertions(+), 5 deletions(-)
On Wed, 12 Jul 2023 at 16:25, Kefeng Wang wrote:
>
> Introduce the two helpers for general use.
>
> Signed-off-by: Kefeng Wang
> ---
> include/linux/mm.h | 12
> 1 file changed, 12 insertions(+)
>
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index 1462cf15badf..0bbeb31ac
Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.
Reorder CAP_SYS_ADMIN last.
Signed-off-by: Christian Göttsche
---
v4:
Additional usage in kfd_ioctl()
v3:
rename to capable_any()
---
drivers/gpu/drm/amd/amdkfd
