#include <linux/module.h>
#include <linux/security.h>
#include <linux/syscalls.h>
-#include <linux/vs_cvirt.h>
+#include <linux/vs_context.h>
#include <asm/uaccess.h>
unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
int ret = 0;
pid_t pid;
__u32 version;
- task_t *target;
+ struct task_struct *target;
struct __user_cap_data_struct data;
if (get_user(version, &header->version))
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
- task_t *g, *target;
+ struct task_struct *g, *target;
int ret = -EPERM;
int found = 0;
do_each_task_pid(pgrp, PIDTYPE_PGID, g) {
+ if (!vx_check(g->xid, VS_ADMIN_P | VS_IDENT))
+ continue;
target = g;
while_each_thread(g, target) {
if (!security_capset_check(target, effective,
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
- task_t *g, *target;
+ struct task_struct *g, *target;
int ret = -EPERM;
int found = 0;
do_each_thread(g, target) {
- if (target == current || target->pid == 1)
+ if (target == current || is_init(target))
continue;
found = 1;
if (security_capset_check(target, effective, inheritable,
{
kernel_cap_t inheritable, permitted, effective;
__u32 version;
- task_t *target;
+ struct task_struct *target;
int ret;
pid_t pid;
}
EXPORT_SYMBOL(__capable);
+#include <linux/vserver/base.h>
int capable(int cap)
{
/* here for now so we don't require task locking */
- if (vx_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
+ if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
return 0;
return __capable(current, cap);
}
EXPORT_SYMBOL(capable);
-