summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorDwight Engen <dwight.engen@oracle.com>2013-08-15 14:08:00 -0400
committerBen Myers <bpm@sgi.com>2013-08-15 14:19:25 -0500
commitfd5e2aa8653665ae1cc60f7aca1069abdbcad3f6 (patch)
tree5d05c2c4190f30534f866ef881a8391bc7ea322c /kernel
parent288bbe0eeb3da7238482ca586c6fb029801336be (diff)
downloadlinux-fd5e2aa8653665ae1cc60f7aca1069abdbcad3f6.tar.gz
linux-fd5e2aa8653665ae1cc60f7aca1069abdbcad3f6.tar.bz2
linux-fd5e2aa8653665ae1cc60f7aca1069abdbcad3f6.zip
xfs: ioctl check for capabilities in the current user namespace
Use inode_capable() to check if SUID|SGID bits should be cleared to match similar check in inode_change_ok(). The check for CAP_LINUX_IMMUTABLE was not modified since all other file systems also check against init_user_ns rather than current_user_ns. Only allow changing of projid from init_user_ns. Reviewed-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Ben Myers <bpm@sgi.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/capability.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index f6c2ce5701e1..a4b67446dc87 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -464,3 +464,4 @@ bool inode_capable(const struct inode *inode, int cap)
return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
}
+EXPORT_SYMBOL(inode_capable);