-rw-r--r-- | fs/attr.c | 4 | ||||
-rw-r--r-- | fs/ext2/acl.c | 2 | ||||
-rw-r--r-- | fs/ext2/ioctl.c | 4 | ||||
-rw-r--r-- | fs/ext3/acl.c | 2 | ||||
-rw-r--r-- | fs/ext3/ioctl.c | 6 | ||||
-rw-r--r-- | fs/ext4/acl.c | 2 | ||||
-rw-r--r-- | fs/ext4/ioctl.c | 6 | ||||
-rw-r--r-- | fs/fcntl.c | 2 | ||||
-rw-r--r-- | fs/generic_acl.c | 2 | ||||
-rw-r--r-- | fs/gfs2/acl.c | 2 | ||||
-rw-r--r-- | fs/hfsplus/ioctl.c | 2 | ||||
-rw-r--r-- | fs/jffs2/acl.c | 2 | ||||
-rw-r--r-- | fs/jfs/ioctl.c | 2 | ||||
-rw-r--r-- | fs/jfs/xattr.c | 2 | ||||
-rw-r--r-- | fs/namei.c | 2 | ||||
-rw-r--r-- | fs/ocfs2/ioctl.c | 2 | ||||
-rw-r--r-- | fs/reiserfs/ioctl.c | 5 | ||||
-rw-r--r-- | fs/reiserfs/xattr_acl.c | 2 | ||||
-rw-r--r-- | fs/utimes.c | 2 | ||||
-rw-r--r-- | fs/xattr.c | 3 | ||||
-rw-r--r-- | include/linux/fs.h | 4 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 |
22 files changed, 32 insertions, 30 deletions
@@ -42,7 +42,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr) | |||
42 | 42 | ||
43 | /* Make sure a caller can chmod. */ | 43 | /* Make sure a caller can chmod. */ |
44 | if (ia_valid & ATTR_MODE) { | 44 | if (ia_valid & ATTR_MODE) { |
45 | if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) | 45 | if (!is_owner_or_cap(inode)) |
46 | goto error; | 46 | goto error; |
47 | /* Also check the setgid bit! */ | 47 | /* Also check the setgid bit! */ |
48 | if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : | 48 | if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : |
@@ -52,7 +52,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr) | |||
52 | 52 | ||
53 | /* Check for setting the inode time. */ | 53 | /* Check for setting the inode time. */ |
54 | if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) { | 54 | if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) { |
55 | if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) | 55 | if (!is_owner_or_cap(inode)) |
56 | goto error; | 56 | goto error; |
57 | } | 57 | } |
58 | fine: | 58 | fine: |
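--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -464,7 +464,7 @@ ext2_xattr_set_acl(struct inode *inode, int type, const void *value,
 
 if (!test_opt(inode->i_sb, POSIX_ACL))
 return -EOPNOTSUPP;
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 if (value) {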
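--- a/fs/ext2/ioctl.c
+++ b/fs/ext2/ioctl.c
@@ -36,7 +36,7 @@ int ext2_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EACCES;
 
 if (get_user(flags, (int __user *) arg))
@@ -74,7 +74,7 @@ int ext2_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
 case EXT2_IOC_GETVERSION:
 return put_user(inode->i_generation, (int __user *) arg);
 case EXT2_IOC_SETVERSION:
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 if (IS_RDONLY(inode))
 return -EROFS;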
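--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -489,7 +489,7 @@ ext3_xattr_set_acl(struct inode *inode, int type, const void *value,
 
 if (!test_opt(inode->i_sb, POSIX_ACL))
 return -EOPNOTSUPP;
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 if (value) {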
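--- a/fs/ext3/ioctl.c
+++ b/fs/ext3/ioctl.c
@@ -41,7 +41,7 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EACCES;
 
 if (get_user(flags, (int __user *) arg))
@@ -122,7 +122,7 @@ flags_err:
 __u32 generation;
 int err;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 if (IS_RDONLY(inode))
 return -EROFS;
@@ -181,7 +181,7 @@ flags_err:
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EACCES;
 
 if (get_user(rsv_window_size, (int __user *)arg))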
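--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -489,7 +489,7 @@ ext4_xattr_set_acl(struct inode *inode, int type, const void *value,
 
 if (!test_opt(inode->i_sb, POSIX_ACL))
 return -EOPNOTSUPP;
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 if (value) {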
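--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -40,7 +40,7 @@ int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EACCES;
 
 if (get_user(flags, (int __user *) arg))
@@ -121,7 +121,7 @@ flags_err:
 __u32 generation;
 int err;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 if (IS_RDONLY(inode))
 return -EROFS;
@@ -180,7 +180,7 @@ flags_err:
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EACCES;
 
 if (get_user(rsv_window_size, (int __user *)arg))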
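--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -215,7 +215,7 @@ static int setfl(int fd, struct file * filp, unsigned long arg)
 
 /* O_NOATIME can only be set by the owner or superuser */
 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
-if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 /* required for strict SunOS emulation */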
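Review bot: The comment above the converted check in setfl() still says O_NOATIME can be set by "the owner or superuser", but the test is now spelled `is_owner_or_cap(inode)`, which per the macro added in include/linux/fs.h means an fsuid match or CAP_FOWNER rather than uid 0. I would reword it to `/* O_NOATIME can only be set by the owner or a CAP_FOWNER holder */` so that someone auditing who may suppress atime updates reads the real privilege boundary; the same comment sits above the identical check in may_open() in fs/namei.c. With the inner test this short, the two nested brace-less ifs could also be folded into one condition, `if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME) && !is_owner_or_cap(inode))`. setfl() begins and ends outside this hunk.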
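--- a/fs/generic_acl.c
+++ b/fs/generic_acl.c
@@ -78,7 +78,7 @@ generic_acl_set(struct inode *inode, struct generic_acl_operations *ops,
 
 if (S_ISLNK(inode->i_mode))
 return -EOPNOTSUPP;
-if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 if (value) {
 acl = posix_acl_from_xattr(value, size);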
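--- a/fs/gfs2/acl.c
+++ b/fs/gfs2/acl.c
@@ -74,7 +74,7 @@ int gfs2_acl_validate_remove(struct gfs2_inode *ip, int access)
 {
 if (!GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl)
 return -EOPNOTSUPP;
-if (current->fsuid != ip->i_inode.i_uid && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(&ip->i_inode))
 return -EPERM;
 if (S_ISLNK(ip->i_inode.i_mode))
 return -EOPNOTSUPP;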
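--- a/fs/hfsplus/ioctl.c
+++ b/fs/hfsplus/ioctl.c
@@ -38,7 +38,7 @@ int hfsplus_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EACCES;
 
 if (get_user(flags, (int __user *)arg))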
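--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -435,7 +435,7 @@ static int jffs2_acl_setxattr(struct inode *inode, int type, const void *value,
 struct posix_acl *acl;
 int rc;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 if (value) {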
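--- a/fs/jfs/ioctl.c
+++ b/fs/jfs/ioctl.c
@@ -69,7 +69,7 @@ int jfs_ioctl(struct inode * inode, struct file * filp, unsigned int cmd,
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EACCES;
 
 if (get_user(flags, (int __user *) arg))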
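--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -697,7 +697,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
 struct posix_acl *acl;
 int rc;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 /*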
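--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1576,7 +1576,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
 
 /* O_NOATIME can only be set by the owner or superuser */
 if (flag & O_NOATIME)
-if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 /*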
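--- a/fs/ocfs2/ioctl.c
+++ b/fs/ocfs2/ioctl.c
@@ -63,7 +63,7 @@ static int ocfs2_set_inode_attr(struct inode *inode, unsigned flags,
 goto bail_unlock;
 
 status = -EACCES;
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 goto bail_unlock;
 
 if (!S_ISDIR(inode->i_mode))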
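--- a/fs/reiserfs/ioctl.c
+++ b/fs/reiserfs/ioctl.c
@@ -51,8 +51,7 @@ int reiserfs_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
 if (IS_RDONLY(inode))
 return -EROFS;
 
-if ((current->fsuid != inode->i_uid)
-&& !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 if (get_user(flags, (int __user *)arg))
@@ -81,7 +80,7 @@ int reiserfs_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
 case REISERFS_IOC_GETVERSION:
 return put_user(inode->i_generation, (int __user *)arg);
 case REISERFS_IOC_SETVERSION:
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 if (IS_RDONLY(inode))
 return -EROFS;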
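Review bot: In the first hunk the flags path of reiserfs_ioctl() fails the ownership test with -EPERM, while the equivalent converted checks in the ext2, ext3, ext4, hfsplus and jfs ioctl code on this page return -EACCES. The commit rightly leaves behaviour unchanged, but now that the test itself is shared the differing errno stands out; a one-line comment such as `/* historical: reiserfs returns -EPERM here, other filesystems return -EACCES */` would keep a later cleanup from silently changing what userspace sees. The case label for this check lies outside the hunk, so which ioctl command it guards is inferred from the `get_user(flags, ...)` line that follows it.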
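--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -21,7 +21,7 @@ xattr_set_acl(struct inode *inode, int type, const void *value, size_t size)
 
 if (!reiserfs_posixacl(inode->i_sb))
 return -EOPNOTSUPP;
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 if (value) {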
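--- a/fs/utimes.c
+++ b/fs/utimes.c
@@ -106,7 +106,7 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
 if (IS_IMMUTABLE(inode))
 goto dput_and_out;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) {
+if (!is_owner_or_cap(inode)) {
 if (f) {
 if (!(f->f_mode & FMODE_WRITE))
 goto dput_and_out;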
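--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -60,8 +60,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
 return -EPERM;
 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
-(mask & MAY_WRITE) && (current->fsuid != inode->i_uid) &&
-!capable(CAP_FOWNER))
+(mask & MAY_WRITE) && !is_owner_or_cap(inode))
 return -EPERM;
 }
 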
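--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -284,6 +284,7 @@ extern int dir_notify_enable;
 #include <linux/pid.h>
 #include <linux/mutex.h>
 #include <linux/sysctl.h>
+#include <linux/capability.h>
 
 #include <asm/atomic.h>
 #include <asm/semaphore.h>
@@ -990,6 +991,9 @@ enum {
 #define put_fs_excl() atomic_dec(¤t->fs_excl)
 #define has_fs_excl() atomic_read(¤t->fs_excl)
 
+#define is_owner_or_cap(inode) \
+((current->fsuid == (inode)->i_uid) || capable(CAP_FOWNER))
+
 /* not quite ready to be deprecated, but... */
 extern void lock_super(struct super_block *);
 extern void unlock_super(struct super_block *);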
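Review bot: The new `is_owner_or_cap()` macro in the second hunk carries no comment, yet it is now the single definition of the owner-or-CAP_FOWNER rule that every converted call site in this commit depends on. A short comment above it would help, for example `/* true if current's fsuid owns @inode or current has CAP_FOWNER; the uid is tested first so capable() is only consulted when ownership fails */`; the short-circuit order matches the open-coded checks it replaces, and that matters because, as far as I know, capable() is not free of side effects (it goes through the security hooks and can record that privilege was used). The name also hides which capability is tested, so the comment should say that callers needing a different capability must not reuse it. A static inline would add type checking on the argument, but that presumably needs `current` and the full struct inode visible at this point in the header, which the hunk does not show.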
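--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2318,7 +2318,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
 return -EOPNOTSUPP;
 
-if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+if (!is_owner_or_cap(inode))
 return -EPERM;
 
 AVC_AUDIT_DATA_INIT(&ad,FS);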