aboutsummaryrefslogtreecommitdiff
path: root/security/smack/smack.h
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2017-05-31 13:23:41 -0700
committerCasey Schaufler <casey@schaufler-ca.com>2017-06-01 09:27:21 -0700
commitf28e783ff668cf5757182f6b00d488be37226bff (patch)
tree7d81e1fc889d8ba239cbac25d79c8d59e5f68795 /security/smack/smack.h
parent51d59af26fe81967e0d7ec92bd9381d3b26434f3 (diff)
downloadlinux-f28e783ff668cf5757182f6b00d488be37226bff.tar.gz
Smack: Use cap_capable in privilege check
Use cap_capable() rather than capable() in the Smack privilege check as the former does not invoke other security module privilege check, while the later does. This becomes important when stacking. It may be a problem even with minor modules. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r--security/smack/smack.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 612b810fbbc6..6a71fc7831ab 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -320,7 +320,7 @@ int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
struct smack_known *smk_import_entry(const char *, int);
void smk_insert_entry(struct smack_known *skp);
struct smack_known *smk_find_entry(const char *);
-int smack_privileged(int cap);
+bool smack_privileged(int cap);
void smk_destroy_label_list(struct list_head *list);
/*