diff mbox series

[v2,09/25] commoncap: use is_fscaps_xattr()

Message ID 20240221-idmap-fscap-refactor-v2-9-3039364623bd@kernel.org (mailing list archive)
State Changes Requested
Delegated to: Paul Moore
Headers show
Series fs: use type-safe uid representation for filesystem capabilities | expand

Commit Message

Seth Forshee (DigitalOcean) Feb. 21, 2024, 9:24 p.m. UTC 
Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
---
 security/commoncap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Christian Brauner Feb. 23, 2024, 8:10 a.m. UTC | #1 
On Wed, Feb 21, 2024 at 03:24:40PM -0600, Seth Forshee (DigitalOcean) wrote:
> Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
> ---

Looks good,
Reviewed-by: Christian Brauner <brauner@kernel.org>
diff mbox series

Patch

diff --git a/security/commoncap.c b/security/commoncap.c
index 289530e58c37..19affcfa3126 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1205,7 +1205,7 @@  int cap_inode_setxattr(struct dentry *dentry, const char *name,
 	 * For XATTR_NAME_CAPS the check will be done in
 	 * cap_convert_nscap(), called by setxattr()
 	 */
-	if (strcmp(name, XATTR_NAME_CAPS) == 0)
+	if (is_fscaps_xattr(name))
 		return 0;
 
 	if (!ns_capable(user_ns, CAP_SYS_ADMIN))
@@ -1242,7 +1242,7 @@  int cap_inode_removexattr(struct mnt_idmap *idmap,
 			XATTR_SECURITY_PREFIX_LEN) != 0)
 		return 0;
 
-	if (strcmp(name, XATTR_NAME_CAPS) == 0) {
+	if (is_fscaps_xattr(name)) {
 		/* security.capability gets namespaced */
 		struct inode *inode = d_backing_inode(dentry);
 		if (!inode)