[PATCH 2/2] security/capability.h: cap_issubset/isclear can be boolean

This patch makes cap_issubset/isclear return bool due to these functions only using either one or zero as their return value. No functional change. Signed-off-by: Yaowei Bai --- include/linux/capability.h | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/inclu

[PATCH 1/2] security: remove unused cap_is_fs_cap function

Since commit 3bc1fa8a ("LSM: remove BSD secure level security module") there is no user of cap_is_fs_cap any more, so remove it. Signed-off-by: Yaowei Bai --- include/linux/capability.h | 6 -- 1 file changed, 6 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability

[PATCH 3/3] apparmor: use list_next_entry instead of list_entry_next

list_next_entry has been defined in list.h, so I replace list_entry_next with it. Signed-off-by: Geliang Tang --- security/apparmor/apparmorfs.c | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index ad4fa

Re: [PATCH v5 2/3] Create IMA machine owner and blacklist keyrings;

On Mon, 2015-11-02 at 00:32 +0200, Petko Manolov wrote: > This option creates IMA MOK and blacklist keyrings. IMA MOK is an > intermediate keyring that sits between .system and .ima keyrings, > effectively forming a simple CA hierarchy. To successfully import a key > into .ima_mok it must be sign