Smack: change rule cap check

smk_write_change_rule() is calling capable rather than the more correct smack_privileged(). This allows for setting rules in violation of the onlycap facility. This is the simple repair. Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: Casey Schaufler <casey@schaufler-ca.com>

Smack: change rule cap check
smk_write_change_rule() is calling capable rather than the more correct smack_privileged(). This allows for setting rules in violation of the onlycap facility. This is the simple repair. Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: Casey Schaufler <casey@schaufler-ca.com>
4afde48b · Casey Schaufler · 00f84f3f · 4afde48b
Commit 4afde48b authored Dec 19, 2013 by Casey Schaufler
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

security/smack/smackfs.c security/smack/smackfs.c +1 -1

No files found.
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2152,7 +2152,7 @@ static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
 	/*
 	 * Must have privilege.
 	 */
-	if (!capable(CAP_MAC_ADMIN))
+	if (!smack_privileged(CAP_MAC_ADMIN))
 		return -EPERM;
 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,