From 9a1a77bfc0c2ef7f58d29aea1f7ed9e1b696787d Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun, 14 Apr 2013 10:06:31 -0700
Subject: [PATCH] --- yaml --- r: 362503 b: refs/heads/master c:
 935d8aabd4331f47a89c3e1daa5779d23cf244ee h: refs/heads/master i:   362501:
 3571123cdb9eaf92f318c758dcd7a77480503384   362499:
 b398082cfee9157fb21fd0f18b3d41ab4f6771cf   362495:
 e1a0a1e1ac1b3091aa497e4f7589c8e08ec128d7 v: v3

---
 [refs]                           |  2 +-
 trunk/include/linux/capability.h |  2 ++
 trunk/kernel/capability.c        | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 804c62711ab0..0cfa2beed7e1 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 5b55d708335a9e3e4f61f2dadf7511502205ccd1
+refs/heads/master: 935d8aabd4331f47a89c3e1daa5779d23cf244ee
diff --git a/trunk/include/linux/capability.h b/trunk/include/linux/capability.h
index 98503b792369..d9a4f7f40f32 100644
--- a/trunk/include/linux/capability.h
+++ b/trunk/include/linux/capability.h
@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
 #define _KERNEL_CAP_T_SIZE     (sizeof(kernel_cap_t))
 
 
+struct file;
 struct inode;
 struct dentry;
 struct user_namespace;
@@ -211,6 +212,7 @@ extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
 extern bool nsown_capable(int cap);
 extern bool inode_capable(const struct inode *inode, int cap);
+extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
 
 /* audit system wants to get cap info from files as well */
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
diff --git a/trunk/kernel/capability.c b/trunk/kernel/capability.c
index 493d97259484..f6c2ce5701e1 100644
--- a/trunk/kernel/capability.c
+++ b/trunk/kernel/capability.c
@@ -392,6 +392,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
 }
 EXPORT_SYMBOL(ns_capable);
 
+/**
+ * file_ns_capable - Determine if the file's opener had a capability in effect
+ * @file:  The file we want to check
+ * @ns:  The usernamespace we want the capability in
+ * @cap: The capability to be tested for
+ *
+ * Return true if task that opened the file had a capability in effect
+ * when the file was opened.
+ *
+ * This does not set PF_SUPERPRIV because the caller may not
+ * actually be privileged.
+ */
+bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
+{
+	if (WARN_ON_ONCE(!cap_valid(cap)))
+		return false;
+
+	if (security_capable(file->f_cred, ns, cap) == 0)
+		return true;
+
+	return false;
+}
+EXPORT_SYMBOL(file_ns_capable);
+
 /**
  * capable - Determine if the current task has a superior capability in effect
  * @cap: The capability to be tested for