From mboxrd@z Thu Jan 1 00:00:00 1970 From: Seth Forshee Subject: [PATCH v4 15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns Date: Tue, 26 Apr 2016 14:36:28 -0500 Message-ID: <1461699396-33000-16-git-send-email-seth.forshee@canonical.com> References: <1461699396-33000-1-git-send-email-seth.forshee@canonical.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1461699396-33000-1-git-send-email-seth.forshee@canonical.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+gldm-linux-mtd-36=gmane.org@lists.infradead.org To: "Eric W. Biederman" , Alexander Viro Cc: linux-bcache@vger.kernel.org, Serge Hallyn , Seth Forshee , dm-devel@redhat.com, Miklos Szeredi , Richard Weinberger , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, fuse-devel@lists.sourceforge.net, Austin S Hemmelgarn , linux-mtd@lists.infradead.org, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org, Pavel Tikhomirov List-Id: linux-raid.ids Expand the check in should_remove_suid() to keep privileges for CAP_FSETID in s_user_ns rather than init_user_ns. Signed-off-by: Seth Forshee Acked-by: Serge Hallyn --- fs/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/inode.c b/fs/inode.c index 69b8b526c194..cd52170f9117 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1690,7 +1690,8 @@ int should_remove_suid(struct dentry *dentry) if (unlikely((mode & S_ISGID) && (mode & S_IXGRP))) kill |= ATTR_KILL_SGID; - if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode))) + if (unlikely(kill && !ns_capable(dentry->d_sb->s_user_ns, CAP_FSETID) && + S_ISREG(mode))) return kill; return 0; -- 2.7.4 ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/