summaryrefslogtreecommitdiff
path: root/include/linux/cred.h
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-01-03 12:25:15 -0500
committerEric Paris <eparis@redhat.com>2012-01-05 18:52:59 -0500
commitf1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb (patch)
tree59d729bb7806e42a13f0ec1657c90b717c314002 /include/linux/cred.h
parentd2a7009f0bb03fa22ad08dd25472efa0568126b9 (diff)
downloadlwn-f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb.tar.gz
lwn-f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb.zip
capabilities: remove task_ns_* functions
task_ in the front of a function, in the security subsystem anyway, means to me at least, that we are operating with that task as the subject of the security decision. In this case what it means is that we are using current as the subject but we use the task to get the right namespace. Who in the world would ever realize that's what task_ns_capability means just by the name? This patch eliminates the task_ns functions entirely and uses the has_ns_capability function instead. This means we explicitly open code the ns in question in the caller. I think it makes the caller a LOT more clear what is going on. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Diffstat (limited to 'include/linux/cred.h')
-rw-r--r--include/linux/cred.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 40308969ed00..adadf71a7327 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -358,10 +358,12 @@ static inline void put_cred(const struct cred *_cred)
#define current_security() (current_cred_xxx(security))
#ifdef CONFIG_USER_NS
-#define current_user_ns() (current_cred_xxx(user_ns))
+#define current_user_ns() (current_cred_xxx(user_ns))
+#define task_user_ns(task) (task_cred_xxx((task), user_ns))
#else
extern struct user_namespace init_user_ns;
-#define current_user_ns() (&init_user_ns)
+#define current_user_ns() (&init_user_ns)
+#define task_user_ns(task) (&init_user_ns)
#endif