Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1119020rwd; Tue, 16 May 2023 12:05:10 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7pnsAhyqtqfUb0euhLz8Y8xpqLyUTZ4wQyzlpgP3OgooDiSFzNrhF2Av8pVLjbnyTnpJ09 X-Received: by 2002:a17:903:32c6:b0:1ad:d935:a29d with SMTP id i6-20020a17090332c600b001add935a29dmr22606902plr.39.1684263909083; Tue, 16 May 2023 12:05:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684263909; cv=none; d=google.com; s=arc-20160816; b=bOK7O+sjncHzGJxV/1/n+tqdHUu6GuiWT0Y197NIt0HuePLstEJMChgsQNUQ7AFml8 /vRtqZ5MR19Rb/leLvqPTR80c0lOCZB/jLEQwEhDkcMp7xymi9W0tMk2wZiu1IBfUFne /N/mGDopAxJqnUD9mMNkqpes+MtBpspVtqkQYSxP7nbKM8HVObJg/bm+d/YfWO0VI5kK 1644mUtgwlNfgZLitoBCrwg3XeYBJeei9njZqggNqjmirXG66FUofl93Ev7tp8+mRyuC vhZBZWx30LgHgnEaPvNaCvyBSFPH0wOZHV8lIcU3eekDUw+h0zbqldzXsP+H98VaIHMp E2og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=ctdc7Vyub0mk2EGAJTcTi0bqYHOoN+2odaP2Y74iYhQ=; b=PqoT/w+RaniLxL/+3YkdcgPYYzAUmtsEojgDTXHf0xjSDOs17eWiNDrtrMwtDQd5OD e7Un+xM78MkLxqE55ZViSuOuNIaLHbzmVY57A5tq2n0Ihy5ZgGBUtmiKfWVVsWgB0kvz ToAqf9Hf9Bhq0clEn9/Yjcx+saGZqCKd72QaLyC6iqN+75pwzzi9UdTDVUOoBJQzGag6 vWKvM4ruwKz5SfQHZBsw1fybTckQoHG0mtf2G8ZgJgDCqfM1KDmXgsW3mOl29bfOP0GU i3gZNgYRU1J47chZtvGb1bbJlh2bF5hsQOVMR7Zl+rukSQDAZlOBeA/eddeq7z8rtZUZ TUTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=ITTFYV9T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q6-20020a170902a3c600b001aade54f986si18228089plb.249.2023.05.16.12.04.53; Tue, 16 May 2023 12:05:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=ITTFYV9T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229881AbjEPSmp (ORCPT + 99 others); Tue, 16 May 2023 14:42:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230110AbjEPSmo (ORCPT ); Tue, 16 May 2023 14:42:44 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A08D58682; Tue, 16 May 2023 11:42:41 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id 4fb4d7f45d1cf-50bc0117683so25648466a12.1; Tue, 16 May 2023 11:42:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1684262560; x=1686854560; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ctdc7Vyub0mk2EGAJTcTi0bqYHOoN+2odaP2Y74iYhQ=; b=ITTFYV9T1R0GCoNhHcirFKAfxFgL9j67lWUr6BaPppSIm8pNaLJGdLD1e9JxWTi4nh aifTJbWIjyEOctvzEoey3XKA3OO5GctYulwVfv+shOcOfDJQTEwnXC2PQuJI4kGjZSUB txhqj858QhYHIbMuQV7V6JzldmbLoZL4bvloWK9n+UUIBJvEOududEHqm7SabzlpWw37 NjEo7QTa58bf9G3mwyYTi2A+s++GIGZy5WDYKSPmsS3qJSu//Ooeww60wQRjPXPp6Y3P diVnqUEE6m8JzLKNpFc6WVsUx0Ff1oD8UVyudDpP7+nCcRWlu2KmfTNGYq5CJoVfUA5w tDWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684262560; x=1686854560; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ctdc7Vyub0mk2EGAJTcTi0bqYHOoN+2odaP2Y74iYhQ=; b=g/B7KHG2ZhUFTHk5Evl8zkW2Mtz3mGW6O5rcQaxgUeV5B1qfo6JfuBv20v2IiC+O8x 01DIA8qjwFWROxgwF3xRSbx6AV/FNE3Lh/siP+eUGqekf6j5eHEGnGEMqcMya3Vi18aH lXzd6JoAFjj1/r3hL6xLm4CT+Q50jYje82QMQ06U9hRy2nO6aoaneUQwprU68np8gKQN UyEQmU/m+3NVC1vB5HVKVSmg3i7Tm9OpjqyWZd7C4bxWaEgalZw97rILEZGn80svzKa0 B2fw6VPyynD6duNqjbfDmq+elOXzlf9FmZ5BRxPsM/+qCFIm5UA0pliX5r+PTuRkvsLq 7KOQ== X-Gm-Message-State: AC+VfDxnCrFLHf57MM0QYkoAfRr5QnavUNxgeJff6VELWuJcuXIHofMn PB1XaGwqyE194aRrFbPT7p3C/n5I0oEiRXkAJSpuxGMgpwjqhA== X-Received: by 2002:aa7:cfcc:0:b0:50b:fb29:1d8f with SMTP id r12-20020aa7cfcc000000b0050bfb291d8fmr228386edy.0.1684262559943; Tue, 16 May 2023 11:42:39 -0700 (PDT) MIME-Version: 1.0 References: <20230511142535.732324-1-cgzones@googlemail.com> <20230511142535.732324-3-cgzones@googlemail.com> In-Reply-To: <20230511142535.732324-3-cgzones@googlemail.com> From: Andrii Nakryiko Date: Tue, 16 May 2023 11:42:27 -0700 Message-ID: Subject: Re: [PATCH v4 3/9] capability: use new capable_any functionality To: =?UTF-8?Q?Christian_G=C3=B6ttsche?= Cc: selinux@vger.kernel.org, Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 11, 2023 at 7:27=E2=80=AFAM Christian G=C3=B6ttsche wrote: > > Use the new added capable_any function in appropriate cases, where a > task is required to have any of two capabilities. > > Signed-off-by: Christian G=C3=B6ttsche > --- > v3: > - rename to capable_any() > - simplify checkpoint_restore_ns_capable() > --- > include/linux/capability.h | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/include/linux/capability.h b/include/linux/capability.h > index eeb958440656..4db0ffb47271 100644 > --- a/include/linux/capability.h > +++ b/include/linux/capability.h > @@ -204,18 +204,17 @@ extern bool file_ns_capable(const struct file *file= , struct user_namespace *ns, > extern bool ptracer_capable(struct task_struct *tsk, struct user_namespa= ce *ns); > static inline bool perfmon_capable(void) > { > - return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN); > + return capable_any(CAP_PERFMON, CAP_SYS_ADMIN); > } > > static inline bool bpf_capable(void) > { > - return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); > + return capable_any(CAP_BPF, CAP_SYS_ADMIN); > } > For bpf parts: Acked-by: Andrii Nakryiko > static inline bool checkpoint_restore_ns_capable(struct user_namespace *= ns) > { > - return ns_capable(ns, CAP_CHECKPOINT_RESTORE) || > - ns_capable(ns, CAP_SYS_ADMIN); > + return ns_capable_any(ns, CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN); > } > > /* audit system wants to get cap info from files as well */ > -- > 2.40.1 > >