Re: [PATCH v8 08/19] ima: Use mac_admin_ns_capable() to check corresponding capability

From: Mimi Zohar
Date: Thu Jan 13 2022 - 15:28:47 EST

Next message: Guenter Roeck: "Re: [PATCH] driver core: platform: Rename platform_get_irq_optional() to platform_get_irq_silent()"
Previous message: Mimi Zohar: "Re: [PATCH v8 07/19] ima: Move dentry into ima_namespace and others onto stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Stefan, Denis,

mac_admin_ns_capable() is being introduced in this patch. Either
rename the "Subject" line as "ima: replace capable() call with
ns_capable()" or "ima: define mac_admin_ns_capable() as a wrapper for
ns_capable()".

On Tue, 2022-01-04 at 12:04 -0500, Stefan Berger wrote:
> From: Stefan Berger <stefanb@xxxxxxxxxxxxx>
>
> Use mac_admin_ns_capable() to check corresponding capability to allow
> read/write IMA policy without CAP_SYS_ADMIN but with CAP_MAC_ADMIN.

Updatethe patch description accordingly.

>
> Signed-off-by: Denis Semakin <denis.semakin@xxxxxxxxxx>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

thanks,

Mimi

Next message: Guenter Roeck: "Re: [PATCH] driver core: platform: Rename platform_get_irq_optional() to platform_get_irq_silent()"
Previous message: Mimi Zohar: "Re: [PATCH v8 07/19] ima: Move dentry into ima_namespace and others onto stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]