path: root/security/smack
diff options
authorMicah Morton <mortonm@chromium.org>2019-01-07 16:10:53 -0800
committerJames Morris <james.morris@microsoft.com>2019-01-10 14:16:06 -0800
commitc1a85a00ea66cb6f0bd0f14e47c28c2b0999799f (patch)
tree310c082e0b41d2d3ff8b619553ed5e45ad244862 /security/smack
parent2233975cd7927672525361c4c6eebc0b8d018a74 (diff)
LSM: generalize flag passing to security_capable
This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton <mortonm@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security/smack')
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 489d49a20b47..fe2ce3a65822 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -640,7 +640,7 @@ bool smack_privileged_cred(int cap, const struct cred *cred)
struct smack_known_list_elem *sklep;
int rc;
- rc = cap_capable(cred, &init_user_ns, cap, SECURITY_CAP_AUDIT);
+ rc = cap_capable(cred, &init_user_ns, cap, CAP_OPT_NONE);
if (rc)
return false;