From 0e0d311ebd589e65b8e5559e067d0dd109ac3434 Mon Sep 17 00:00:00 2001
From: Ian Abbott <abbotti@mev.co.uk>
Date: Tue, 7 Jul 2015 17:06:52 +0100
Subject: [PATCH] staging: comedi: use CAP_SYS_ADMIN instead of CAP_NET_ADMIN

If the "comedi" module has been loaded with the
"comedi_num_legacy_minors" module parameter set to a non-zero value,
some reserved comedi devices get created.  These can be attached to a
low-level comedi driver using the `COMEDI_DEVCONFIG` ioctl command,
which checks for the `CAP_SYS_ADMIN` capability.  Of course, the comedi
device needs to be opened before the ioctl command can be sent.  If the
comedi device is unattached, `comedi_open()` currently requires the
`CAP_NET_ADMIN` capability.  It makes more sense to just require the
`CAP_SYS_ADMIN` capability here, so change it.

For the curious, commit a8f80e8ff94e ("Networking: use CAP_NET_ADMIN
when deciding to call request_module") changed this capability from
`CAP_SYS_MODULE` to `CAP_NET_ADMIN`, even though it doesn't seem
relevant here.  The original `CAP_SYS_MODULE` capability was due to the
function having some code to request a module using a "char-major-%i-%i"
alias, but that was never compiled in and was removed by commit
f30f2c2d417b ("staging: comedi: remove check for CONFIG_KMOD").

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Reading git-format-patch failed