CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]

[linux-flexiantxendom0-natty.git] / security / security.c

diff --git a/security/security.c b/security/security.c
index d85dbb3..9bbc8e5 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -154,14 +154,31 @@ int security_capset(struct cred *new, const struct cred *old,
                                    effective, inheritable, permitted);
 }
 
-int security_capable(struct task_struct *tsk, int cap)
+int security_capable(int cap)
 {
-       return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT);
+       return security_ops->capable(cap, SECURITY_CAP_AUDIT);
 }
 
-int security_capable_noaudit(struct task_struct *tsk, int cap)
+int security_task_capable(struct task_struct *tsk, int cap)
 {
-       return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT);
+       const struct cred *cred;
+       int ret;
+
+       cred = get_task_cred(tsk);
+       ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
+       put_cred(cred);
+       return ret;
+}
+
+int security_task_capable_noaudit(struct task_struct *tsk, int cap)
+{
+       const struct cred *cred;
+       int ret;
+
+       cred = get_task_cred(tsk);
+       ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
+       put_cred(cred);
+       return ret;
 }
 
 int security_acct(struct file *file)