diff options
author | Eric Paris <eparis@redhat.com> | 2012-01-03 18:25:16 +0100 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-01-06 00:53:01 +0100 |
commit | fd778461524849afd035679030ae8e8873c72b81 (patch) | |
tree | 32a5849c1879413fce0307af304e372eaa8225b4 /kernel/audit.c | |
parent | ptrace: do not audit capability check when outputing /proc/pid/stat (diff) | |
download | linux-fd778461524849afd035679030ae8e8873c72b81.tar.xz linux-fd778461524849afd035679030ae8e8873c72b81.zip |
security: remove the security_netlink_recv hook as it is equivalent to capable()
Once upon a time netlink was not sync and we had to get the effective
capabilities from the skb that was being received. Today we instead get
the capabilities from the current task. This has rendered the entire
purpose of the hook moot as it is now functionally equivalent to the
capable() call.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 0a1355ca3d79..f3ba55fa0b70 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -601,13 +601,13 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) case AUDIT_TTY_SET: case AUDIT_TRIM: case AUDIT_MAKE_EQUIV: - if (security_netlink_recv(skb, CAP_AUDIT_CONTROL)) + if (!capable(CAP_AUDIT_CONTROL)) err = -EPERM; break; case AUDIT_USER: case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: - if (security_netlink_recv(skb, CAP_AUDIT_WRITE)) + if (!capable(CAP_AUDIT_WRITE)) err = -EPERM; break; default: /* bad msg */ |