[PATCH] remove suser()

Attached patch replaces the lone remaining suser() call with capable()
and then removes suser() itself in a triumphant celebration of the glory
of capable().  Or something. ;-)

Small cleanup of capable() and some comments, too.

3 files changed, 6 insertions, 29 deletions

diff --git a/drivers/net/wan/pc300_drv.c b/drivers/net/wan/pc300_drv.c
index d492de31567d..7b9b35eda90e 100644
--- a/drivers/net/wan/pc300_drv.c
+++ b/drivers/net/wan/pc300_drv.c
@@ -2564,7 +2564,7 @@ int cpc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 				return -EINVAL;
 			return 0;
 		case SIOCSPC300CONF:
-			if (!suser())
+			if (!capable(CAP_NET_ADMIN))
 				return -EPERM;
 			if (!arg || 
 				copy_from_user(&conf_aux.conf, arg, sizeof(pc300chconf_t)))
diff --git a/include/linux/compatmac.h b/include/linux/compatmac.h
index 72f9151b8a84..1e28380cabb7 100644
--- a/include/linux/compatmac.h
+++ b/include/linux/compatmac.h
@@ -102,8 +102,6 @@ static inline void *ioremap(unsigned long base, long length)
 
 #define my_iounmap(x, b)             (((long)x<0x100000)?0:vfree ((void*)x))
 
-#define capable(x)                   suser()
-
 #define tty_flip_buffer_push(tty)    queue_task(&tty->flip.tqueue, &tq_timer)
 #define signal_pending(current)      (current->signal & ~current->blocked)
 #define schedule_timeout(to)         do {current->timeout = jiffies + (to);schedule ();} while (0)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 228d1b979e1e..962e17896067 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -587,24 +587,10 @@ extern void free_irq(unsigned int, void *);
  * This has now become a routine instead of a macro, it sets a flag if
  * it returns true (to do BSD-style accounting where the process is flagged
  * if it uses root privs). The implication of this is that you should do
- * normal permissions checks first, and check suser() last.
+ * normal permissions checks first, and check fsuser() last.
  *
- * [Dec 1997 -- Chris Evans]
- * For correctness, the above considerations need to be extended to
- * fsuser(). This is done, along with moving fsuser() checks to be
- * last.
- *
- * These will be removed, but in the mean time, when the SECURE_NOROOT 
- * flag is set, uids don't grant privilege.
+ * suser() is gone, fsuser() should go soon too...
  */
-static inline int suser(void)
-{
-	if (!issecure(SECURE_NOROOT) && current->euid == 0) { 
-		current->flags |= PF_SUPERPRIV;
-		return 1;
-	}
-	return 0;
-}
 
 static inline int fsuser(void)
 {
@@ -616,19 +602,12 @@ static inline int fsuser(void)
 }
 
 /*
- * capable() checks for a particular capability.  
- * New privilege checks should use this interface, rather than suser() or
- * fsuser(). See include/linux/capability.h for defined capabilities.
+ * capable() checks for a particular capability.
+ * See include/linux/capability.h for defined capabilities.
  */
-
 static inline int capable(int cap)
 {
-#if 1 /* ok now */
-	if (cap_raised(current->cap_effective, cap))
-#else
-	if (cap_is_fs_cap(cap) ? current->fsuid == 0 : current->euid == 0)
-#endif
-	{
+	if (cap_raised(current->cap_effective, cap)) {
 		current->flags |= PF_SUPERPRIV;
 		return 1;
 	}