diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-03-12 16:08:45 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-15 17:59:24 -0400 |
| commit | 65cc5a17ad3388f89ddc3d68226a09242656809b (patch) | |
| tree | 04db523bba313b28d00ff2a1864a4d4dde40c97e | |
| parent | 9e4a36ece652908276bc4abb4324ec56292453e1 (diff) | |
userns: Teach inode_capable to understand inodes whose uids map to other namespaces.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| -rw-r--r-- | kernel/capability.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index cc5f0718215..493d9725948 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -429,12 +429,14 @@ bool nsown_capable(int cap) | |||
| 429 | * targeted at it's own user namespace and that the given inode is owned | 429 | * targeted at it's own user namespace and that the given inode is owned |
| 430 | * by the current user namespace or a child namespace. | 430 | * by the current user namespace or a child namespace. |
| 431 | * | 431 | * |
| 432 | * Currently inodes can only be owned by the initial user namespace. | 432 | * Currently we check to see if an inode is owned by the current |
| 433 | * user namespace by seeing if the inode's owner maps into the | ||
| 434 | * current user namespace. | ||
| 433 | * | 435 | * |
| 434 | */ | 436 | */ |
| 435 | bool inode_capable(const struct inode *inode, int cap) | 437 | bool inode_capable(const struct inode *inode, int cap) |
| 436 | { | 438 | { |
| 437 | struct user_namespace *ns = current_user_ns(); | 439 | struct user_namespace *ns = current_user_ns(); |
| 438 | 440 | ||
| 439 | return ns_capable(ns, cap) && (ns == &init_user_ns); | 441 | return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); |
| 440 | } | 442 | } |