capabilities: define get_vfs_caps_from_disk when file caps are not enabled

When CONFIG_SECURITY_FILE_CAPABILITIES is not set the audit system may
try to call into the capabilities function vfs_cap_from_file.  This
patch defines that function so kernels can build and work.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/commoncap.c b/security/commoncap.c
index 19cb398..7971354 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -413,6 +413,12 @@ int cap_inode_killpriv(struct dentry *dentry)
        return 0;
 }
 
+int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
+{
+       memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
+       return -ENODATA;
+}
+
 static inline int get_file_caps(struct linux_binprm *bprm, bool *effective)
 {
        bprm_clear_caps(bprm);