[PATCH -v3 1/5] Capabilities: document the order of arguments to cap_issubset
Serge E. Hallyn
serue at us.ibm.com
Mon Nov 10 14:28:10 UTC 2008
Quoting Eric Paris (eparis at redhat.com):
> Document the order of arguments for cap_issubset. It's not instantly clear
> which order the argument should be in. So give an example.
>
> Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Serge Hallyn <serue at us.ibm.com>
Thanks, Eric.
-serge
> ---
>
> include/linux/capability.h | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index 9d1fe30..9f44150 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -454,6 +454,13 @@ static inline int cap_isclear(const kernel_cap_t a)
> return 1;
> }
>
> +/*
> + * Check if "a" is a subset of "set".
> + * return 1 if ALL of the capabilities in "a" are also in "set"
> + * cap_issubset(0101, 1111) will return 1
> + * return 0 if ANY of the capabilities in "a" are not in "set"
> + * cap_issubset(1111, 0101) will return 0
> + */
> static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
> {
> kernel_cap_t dest;
More information about the Linux-audit
mailing list