Quoting Eric Paris (eparis(a)redhat.com):
Document the order of arguments for cap_issubset. It's not
instantly clear
which order the argument should be in. So give an example.
Signed-off-by: Eric Paris <eparis(a)redhat.com>
Acked-by: Serge Hallyn <serue(a)us.ibm.com>
Thanks, Eric.
-serge
---
include/linux/capability.h | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 9d1fe30..9f44150 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -454,6 +454,13 @@ static inline int cap_isclear(const kernel_cap_t a)
return 1;
}
+/*
+ * Check if "a" is a subset of "set".
+ * return 1 if ALL of the capabilities in "a" are also in "set"
+ * cap_issubset(0101, 1111) will return 1
+ * return 0 if ANY of the capabilities in "a" are not in "set"
+ * cap_issubset(1111, 0101) will return 0
+ */
static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
{
kernel_cap_t dest;