capabitlies: ns_capable can use the cap helpers rather than lsm call

Just to reduce the number of places to change if we every change the LSM
hook, use the capability helpers internally when possible.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>

diff --git a/kernel/capability.c b/kernel/capability.c
index 5f99e5d68e1f97b680d6e370be49c89190eaad93..47626446c39affe8247c38787bf83f5c40a0a643 100644 (file)
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -384,7 +384,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
                BUG();
        }
 
-       if (security_capable(current_cred(), ns, cap) == 0) {
+       if (has_ns_capability(current, ns, cap)) {
                current->flags |= PF_SUPERPRIV;
                return true;
        }