kernel: Add noaudit variant of ns_capable()
When checking the current cred for a capability in a specific user namespace, it isn't always desirable to have the LSMs audit the check. This patch adds a noaudit variant of ns_capable() for when those situations arise. The common logic between ns_capable() and the new ns_capable_noaudit() is moved into a single, shared function to keep duplicated code to a minimum and ease maintainability. Signed-off-by: NTyler Hicks <tyhicks@canonical.com> Acked-by: NSerge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
Showing
想要评论请 注册 或 登录