capabilities: define get_vfs_caps_from_disk when file caps are not enabled

When CONFIG_SECURITY_FILE_CAPABILITIES is not set the audit system may try to call into the capabilities function vfs_cap_from_file. This patch defines that function so kernels can build and work. Signed-off-by: N Eric Paris <eparis@redhat.com> Signed-off-by: N James Morris <jmorris@namei.org>

capabilities: define get_vfs_caps_from_disk when file caps are not enabled
When CONFIG_SECURITY_FILE_CAPABILITIES is not set the audit system may try to call into the capabilities function vfs_cap_from_file. This patch defines that function so kernels can build and work. Signed-off-by: N Eric Paris <eparis@redhat.com> Signed-off-by: N James Morris <jmorris@namei.org>
e50a906e · Eric Paris · James Morris · 2b828925 · e50a906e
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

security/commoncap.c security/commoncap.c +6 -0

未找到文件。
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -413,6 +413,12 @@ int cap_inode_killpriv(struct dentry *dentry)
 	return 0;
 }

+int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
+{
+	memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
+ 	return -ENODATA;
+}
+
 static inline int get_file_caps(struct linux_binprm *bprm, bool *effective)
 {
 	bprm_clear_caps(bprm);