[PATCH -v3 1/5] Capabilities: document the order of arguments to cap_issubset
Eric Paris
eparis at redhat.com
Fri Nov 7 15:13:55 UTC 2008
Document the order of arguments for cap_issubset. It's not instantly clear
which order the argument should be in. So give an example.
Signed-off-by: Eric Paris <eparis at redhat.com>
---
include/linux/capability.h | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 9d1fe30..9f44150 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -454,6 +454,13 @@ static inline int cap_isclear(const kernel_cap_t a)
return 1;
}
+/*
+ * Check if "a" is a subset of "set".
+ * return 1 if ALL of the capabilities in "a" are also in "set"
+ * cap_issubset(0101, 1111) will return 1
+ * return 0 if ANY of the capabilities in "a" are not in "set"
+ * cap_issubset(1111, 0101) will return 0
+ */
static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
{
kernel_cap_t dest;
More information about the Linux-audit
mailing list