X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=kernel%2Fcapability.c;h=b6df4042004198b27c3ecbcb41bff950d0b5052b;hb=refs%2Fheads%2Fvserver;hp=6e3c421f6b0b7d8d3a2166525d32d369a3094a03;hpb=16c70f8c1b54b61c3b951b6fb220df250fe09b32;p=linux-2.6.git
diff --git a/kernel/capability.c b/kernel/capability.c
index 6e3c421f6..b6df40420 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -12,6 +12,7 @@
 #include
 #include
 #include
+#include
 #include
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
@@ -101,6 +102,8 @@ static inline int cap_set_pg(int pgrp, kernel_cap_t *effective,
 int found = 0;
 do_each_task_pid(pgrp, PIDTYPE_PGID, g) {
+ if (!vx_check(g->xid, VS_ADMIN_P | VS_IDENT))
+ continue;
 target = g;
 while_each_thread(g, target) {
 if (!security_capset_check(target, effective,
@@ -133,7 +136,7 @@ static inline int cap_set_all(kernel_cap_t *effective,
 int found = 0;
 do_each_thread(g, target) {
- if (target == current || target->pid == 1)
+ if (target == current || is_init(target))
 continue;
 found = 1;
 if (security_capset_check(target, effective, inheritable,
@@ -244,10 +247,11 @@ int __capable(struct task_struct *t, int cap)
 }
 EXPORT_SYMBOL(__capable);
+#include
 int capable(int cap)
 {
 /* here for now so we don't require task locking */
- if (vx_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
+ if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
 return 0;
 return __capable(current, cap);
 }
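Review bot: The new `vx_check(g->xid, VS_ADMIN_P | VS_IDENT)` test in cap_set_pg looks at `g` only, while the inner `while_each_thread(g, target)` loop then runs security_capset_check on every `target` without consulting `target->xid`. If threads of one group can ever belong to different contexts (not visible in these lines), the filter belongs in the inner loop as `if (!vx_check(target->xid, VS_ADMIN_P | VS_IDENT)) continue;`. If they cannot, a short comment such as `/* threads share g's xid; tasks outside the caller's context are skipped */` would record the assumption. The body of cap_set_pg starts and ends outside the hunk, so what happens to `found` and the return value when every member is skipped cannot be judged here.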
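Review bot: cap_set_all gets no context filter: it still visits every thread in the system through `do_each_thread(g, target)`, and the only change to its skip condition is `is_init(target)`, whereas cap_set_pg in the previous hunk gained a `vx_check`. Unless the caller or security_capset_check already confines a non-admin context to its own tasks (neither is visible here), a capset aimed at all processes from inside one context would reach tasks of other contexts. Consider mirroring the cap_set_pg filter, `if (target == current || is_init(target) || !vx_check(target->xid, VS_ADMIN_P | VS_IDENT)) continue;`. The loop body continues past the end of the hunk.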
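Review bot: The context capability mask is tested in capable() only, so a caller that uses the exported `__capable()` directly is not subject to it as far as these lines show (the body of __capable lies above the hunk). If that is intended, state it above capable(), for example `/* context cap mask is enforced here only; __capable() does not apply it */`; otherwise the test belongs in __capable() so both entry points agree. The `#include` added between `EXPORT_SYMBOL(__capable);` and capable() would also be easier to audit next to the other includes at the top of the file, which the first hunk already touches.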