diff mbox series

[v2,6/8] kernel: use new capable_or functionality

Message ID 20220502160030.131168-5-cgzones@googlemail.com (mailing list archive)
State Superseded
Delegated to: Paul Moore
Headers show
Series [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message | expand

Commit Message

Christian Göttsche May 2, 2022, 4 p.m. UTC
Use the new added capable_or function in appropriate cases, where a task
is required to have any of two capabilities.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 kernel/fork.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/kernel/fork.c b/kernel/fork.c
index 9796897560ab..3ae87b864380 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2098,7 +2098,7 @@  static __latent_entropy struct task_struct *copy_process(
 	retval = -EAGAIN;
 	if (is_ucounts_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) {
 		if (p->real_cred->user != INIT_USER &&
-		    !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN))
+		    !capable_or(CAP_SYS_RESOURCE, CAP_SYS_ADMIN))
 			goto bad_fork_cleanup_count;
 	}
 	current->flags &= ~PF_NPROC_EXCEEDED;