From: linux@treblig.org
To: serge@hallyn.com, linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
"Dr. David Alan Gilbert" <linux@treblig.org>
Subject: [PATCH] capability: Remove unused has_capability
Date: Sun, 15 Dec 2024 16:53:52 +0000 [thread overview]
Message-ID: <20241215165352.186692-1-linux@treblig.org> (raw)
From: "Dr. David Alan Gilbert" <linux@treblig.org>
The vanilla has_capability() function has been unused since 2018's
commit dcb569cf6ac9 ("Smack: ptrace capability use fixes")
Remove it.
(There is still mention in a comment in security/commoncap.c
but I suspect rather than removing the entry it might be better
to expand the comment to talk about the other
has_[ns_]capability[_noaudit] variants).
Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
---
include/linux/capability.h | 5 -----
kernel/capability.c | 16 ----------------
2 files changed, 21 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 0c356a517991..1fb08922552c 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -139,7 +139,6 @@ static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
}
#ifdef CONFIG_MULTIUSER
-extern bool has_capability(struct task_struct *t, int cap);
extern bool has_ns_capability(struct task_struct *t,
struct user_namespace *ns, int cap);
extern bool has_capability_noaudit(struct task_struct *t, int cap);
@@ -150,10 +149,6 @@ extern bool ns_capable(struct user_namespace *ns, int cap);
extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
extern bool ns_capable_setid(struct user_namespace *ns, int cap);
#else
-static inline bool has_capability(struct task_struct *t, int cap)
-{
- return true;
-}
static inline bool has_ns_capability(struct task_struct *t,
struct user_namespace *ns, int cap)
{
diff --git a/kernel/capability.c b/kernel/capability.c
index dac4df77e376..67094b628ea9 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -289,22 +289,6 @@ bool has_ns_capability(struct task_struct *t,
return (ret == 0);
}
-/**
- * has_capability - Does a task have a capability in init_user_ns
- * @t: The task in question
- * @cap: The capability to be tested for
- *
- * Return true if the specified task has the given superior capability
- * currently in effect to the initial user namespace, false if not.
- *
- * Note that this does not set PF_SUPERPRIV on the task.
- */
-bool has_capability(struct task_struct *t, int cap)
-{
- return has_ns_capability(t, &init_user_ns, cap);
-}
-EXPORT_SYMBOL(has_capability);
-
/**
* has_ns_capability_noaudit - Does a task have a capability (unaudited)
* in a specific user ns.
--
2.47.1
next reply other threads:[~2024-12-15 16:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-15 16:53 linux [this message]
2024-12-18 21:31 ` [PATCH] capability: Remove unused has_capability Paul Moore
2024-12-18 22:11 ` Dr. David Alan Gilbert
2024-12-19 2:24 ` Paul Moore
2024-12-19 14:19 ` Dr. David Alan Gilbert
2024-12-19 14:55 ` Paul Moore
2024-12-19 17:29 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241215165352.186692-1-linux@treblig.org \
--to=linux@treblig.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.