author: Paul Moore <paul@paul-moore.com> 2024-07-03 17:00:20 -0400
committer: Paul Moore <paul@paul-moore.com> 2024-07-09 15:15:57 -0400
commit: dd44477e7fa15ba3b100dfc67bf7cf083f3dccf6 (patch)
tree: 22ba518b7db57a8548afca6bdf2c1e20afe59f7b /security/smack
parent: 61df7b82820494368bd46071ca97e43a3dfc3b11 (diff)
selinux,smack: remove the capability checks in the removexattr hooks
Commit 61df7b828204 ("lsm: fixup the inode xattr capability handling") moved the responsibility of doing the inode xattr capability checking out of the individual LSMs and into the LSM framework itself. Unfortunately, while the original commit added the capability checks to both the setxattr and removexattr code in the LSM framework, it only removed the setxattr capability checks from the individual LSMs, leaving duplicated removexattr capability checks in both the SELinux and Smack code.

This patch removes the duplicated code from SELinux and Smack.

Fixes: 61df7b828204 ("lsm: fixup the inode xattr capability handling")
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/smack')
-rw-r--r-- security/smack/smack_lsm.c 3
1 files changed, 1 insertions, 2 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1833bd50d97a..7d6d58868775 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1461,8 +1461,7 @@ static int smack_inode_removexattr(struct mnt_idmap *idmap,
strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
if (!smack_privileged(CAP_MAC_ADMIN))
rc = -EPERM;
- } else
- rc = cap_inode_removexattr(idmap, dentry, name);
+ }
if (rc != 0)
return rc;
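Review bot: With the else arm removed at the closing brace of the Smack-attribute branch, rc is now assigned only inside that branch, so the "if (rc != 0)" test that follows depends on rc having been initialised to 0 earlier in smack_inode_removexattr(), which lies outside the visible context; that declaration is worth confirming before merging. A one-line comment at the new closing brace stating that the capability check for non-Smack xattrs is performed by the LSM framework (per commit 61df7b828204) would keep a later reader from re-adding the cap_inode_removexattr() call. The commit message also covers SELinux, but this view is limited to security/smack, so the SELinux half of the change needs to be reviewed separately.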