capabitlies: ns_capable can use the cap helpers rather than lsm call
Just to reduce the number of places to change if we every change the LSM hook, use the capability helpers internally when possible. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
This commit is contained in:
parent
105ddf49cd
commit
d2a7009f0b
|
@ -384,7 +384,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
|
||||||
BUG();
|
BUG();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (security_capable(current_cred(), ns, cap) == 0) {
|
if (has_ns_capability(current, ns, cap)) {
|
||||||
current->flags |= PF_SUPERPRIV;
|
current->flags |= PF_SUPERPRIV;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue