From e42a184abbfa9710bfa49dd5ad04348fb3bb0cf8 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@redhat.com>
Date: Tue, 3 Jan 2012 12:25:15 -0500
Subject: [PATCH] --- yaml --- r: 285033 b: refs/heads/master c:
 25e75703410a84b80623da3653db6b70282e5c6a h: refs/heads/master i:   285031:
 623200ece49e382ab59304215727a263345fc1b7 v: v3

---
 [refs]                    |  2 +-
 trunk/kernel/capability.c | 26 ++++++++++----------------
 2 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/[refs] b/[refs]
index cdca1cebe9d5..2a8cd0a43b74 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 2920a8409de5a51575d03deca07e5bb2be6fc98d
+refs/heads/master: 25e75703410a84b80623da3653db6b70282e5c6a
diff --git a/trunk/kernel/capability.c b/trunk/kernel/capability.c
index ff50ab62cfca..fb815d1b9ea2 100644
--- a/trunk/kernel/capability.c
+++ b/trunk/kernel/capability.c
@@ -287,47 +287,41 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
 }
 
 /**
- * has_capability - Does a task have a capability in init_user_ns
+ * has_ns_capability - Does a task have a capability in a specific user ns
  * @t: The task in question
+ * @ns: target user namespace
  * @cap: The capability to be tested for
  *
  * Return true if the specified task has the given superior capability
- * currently in effect to the initial user namespace, false if not.
+ * currently in effect to the specified user namespace, false if not.
  *
  * Note that this does not set PF_SUPERPRIV on the task.
  */
-bool has_capability(struct task_struct *t, int cap)
+bool has_ns_capability(struct task_struct *t,
+		       struct user_namespace *ns, int cap)
 {
 	int ret;
 
 	rcu_read_lock();
-	ret = security_capable(__task_cred(t), &init_user_ns, cap);
+	ret = security_capable(__task_cred(t), ns, cap);
 	rcu_read_unlock();
 
 	return (ret == 0);
 }
 
 /**
- * has_capability - Does a task have a capability in a specific user ns
+ * has_capability - Does a task have a capability in init_user_ns
  * @t: The task in question
- * @ns: target user namespace
  * @cap: The capability to be tested for
  *
  * Return true if the specified task has the given superior capability
- * currently in effect to the specified user namespace, false if not.
+ * currently in effect to the initial user namespace, false if not.
  *
  * Note that this does not set PF_SUPERPRIV on the task.
  */
-bool has_ns_capability(struct task_struct *t,
-		       struct user_namespace *ns, int cap)
+bool has_capability(struct task_struct *t, int cap)
 {
-	int ret;
-
-	rcu_read_lock();
-	ret = security_capable(__task_cred(t), ns, cap);
-	rcu_read_unlock();
-
-	return (ret == 0);
+	return has_ns_capability(t, &init_user_ns, cap);
 }
 
 /**