selinux: drop the BUG() in cred_has_capability()
authorPaul Moore <paul@paul-moore.com>
Wed, 14 Jan 2026 21:23:47 +0000 (16:23 -0500)
committerPaul Moore <paul@paul-moore.com>
Wed, 14 Jan 2026 21:26:21 +0000 (16:26 -0500)
With the compile time check located immediately above the
cred_has_capability() function ensuring that we will notice if the
capability set grows beyond 63 capabilities, we can safely remove
the BUG() call from the cred_has_capability().

Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c

index 9289ed8..feda34b 100644 (file)
@@ -1659,7 +1659,6 @@ static int cred_has_capability(const struct cred *cred,
                break;
        default:
                pr_err("SELinux:  out of range capability %d\n", cap);
-               BUG();
                return -EINVAL;
        }