From: Eric Paris <eparis@redhat.com>
Date: Tue, 3 Jan 2012 17:25:15 +0000 (-0500)
Subject: capabilities: introduce security_capable_noaudit
X-Git-Tag: v3.3-rc1~54^2~9
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7eba4a97563fd8b431787f7ad623444f2da80c6;p=pandora-kernel.git

capabilities: introduce security_capable_noaudit

Exactly like security_capable except don't audit any denials.  This is for
places where the kernel may make decisions about what to do if a task has a
given capability, but which failing that capability is not a sign of a
security policy violation.  An example is checking if a task has
CAP_SYS_ADMIN to lower it's likelyhood of being killed by the oom killer.
This check is not a security violation if it is denied.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
---

Reading git-diff-tree failed