LSM: SafeSetID: fix use of literal -1 in capable hook
authorJann Horn <jannh@google.com>
Wed, 10 Apr 2019 16:56:27 +0000 (09:56 -0700)
committerMicah Morton <mortonm@chromium.org>
Mon, 15 Jul 2019 15:08:03 +0000 (08:08 -0700)
The capable() hook returns an error number. -EPERM is actually the same as
-1, so this doesn't make a difference in behavior.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
security/safesetid/lsm.c

index 22964e2a61874b2f063b3244220f1c2933dd6678..7760019ad35d9f60c04023d36f03e1ba2e4b8d34 100644 (file)
@@ -90,7 +90,7 @@ static int safesetid_security_capable(const struct cred *cred,
         */
        pr_warn("Operation requires CAP_SETUID, which is not available to UID %u for operations besides approved set*uid transitions\n",
                __kuid_val(cred->uid));
-       return -1;
+       return -EPERM;
 }
 
 /*