From mboxrd@z Thu Jan 1 00:00:00 1970 From: Glauber Costa Subject: [PATCH 3/4] fs: allow mknod in user namespaces Date: Fri, 15 Mar 2013 13:13:42 +0400 Message-ID: <1363338823-25292-4-git-send-email-glommer@parallels.com> References: <1363338823-25292-1-git-send-email-glommer@parallels.com> Cc: Andrew Morton , , "Eric W. Biederman" , Serge Hallyn , , , Glauber Costa , Aristeu Rozanski To: Return-path: In-Reply-To: <1363338823-25292-1-git-send-email-glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org> Sender: cgroups-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-fsdevel.vger.kernel.org Since we have strict control on who access the devices, it should be no problem to allow the device to appear. Signed-off-by: Glauber Costa Cc: Aristeu Rozanski Cc: Eric Biederman Cc: Serge Hallyn --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 8a34d79..d0b4549 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3126,7 +3126,7 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) if (error) return error; - if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD)) + if ((S_ISCHR(mode) || S_ISBLK(mode)) && !nsown_capable(CAP_MKNOD)) return -EPERM; if (!dir->i_op->mknod) -- 1.8.1.2