LSM: generalize flag passing to security_capable

This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton <mortonm@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>
author: Micah Morton <mortonm@chromium.org> 2019-01-07 16:10:53 -0800
committer: James Morris <james.morris@microsoft.com> 2019-01-10 14:16:06 -0800
commit: c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f (patch)
tree: 310c082e0b41d2d3ff8b619553ed5e45ad244862 /kernel/seccomp.c
parent: 2233975cd7927672525361c4c6eebc0b8d018a74 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index d7f538847b84..38a77800def6 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -443,8 +443,8 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog)
 	 * behavior of privileged children.
 	 */
 	if (!task_no_new_privs(current) &&
-	    security_capable_noaudit(current_cred(), current_user_ns(),
-				     CAP_SYS_ADMIN) != 0)
+	    security_capable(current_cred(), current_user_ns(),
+				     CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0)
 		return ERR_PTR(-EACCES);
 
 	/* Allocate a new seccomp_filter */
author	Micah Morton <mortonm@chromium.org>	2019-01-07 16:10:53 -0800
committer	James Morris <james.morris@microsoft.com>	2019-01-10 14:16:06 -0800
commit	c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f (patch)
tree	310c082e0b41d2d3ff8b619553ed5e45ad244862 /kernel/seccomp.c
parent	2233975cd7927672525361c4c6eebc0b8d018a74 (diff)