userns: userns: check user namespace for task->file uid equivalence checks

Cheat for now and say all files belong to init_user_ns. Next step will be to let superblocks belong to a user_ns, and derive inode_userns(inode) from inode->i_sb->s_user_ns. Finally we'll introduce more flexible arrangements. Changelog: Feb 15: make is_owner_or_cap take const struct inode Feb 23: make is_owner_or_cap bool [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Serge E. Hallyn <serge@hallyn.com> 2011-03-23 19:43:25 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2011-03-23 22:47:08 -0400
commit: e795b71799ff0b27365020c9ddaa25d0d83f99c8 (patch)
tree: f3b628c2366f181380a8fbcd490910eb086a7b8e /fs/inode.c
parent: b0e77598f87107001a00b8a4ece9c95e4254ccc4 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/fs/inode.c b/fs/inode.c
index 16fefd373fc2..a21d5a938a17 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -25,6 +25,7 @@
 #include <linux/async.h>
 #include <linux/posix_acl.h>
 #include <linux/ima.h>
+#include <linux/cred.h>
 /*
 * This is needed for the following functions:
@@ -1733,3 +1734,19 @@ void inode_init_owner(struct inode *inode, const struct inode *dir,
        inode->i_mode = mode;
 }
 EXPORT_SYMBOL(inode_init_owner);
+/*
+ * return true if current either has CAP_FOWNER to the
+ * file, or owns the file.
+ */
+bool is_owner_or_cap(const struct inode *inode)
+{
+        struct user_namespace *ns = inode_userns(inode);
+        if (current_user_ns() == ns && current_fsuid() == inode->i_uid)
+                return true;
+        if (ns_capable(ns, CAP_FOWNER))
+                return true;
+        return false;
+}
+EXPORT_SYMBOL(is_owner_or_cap);
author	Serge E. Hallyn <serge@hallyn.com>	2011-03-23 19:43:25 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2011-03-23 22:47:08 -0400
commit	e795b71799ff0b27365020c9ddaa25d0d83f99c8 (patch)
tree	f3b628c2366f181380a8fbcd490910eb086a7b8e /fs/inode.c
parent	b0e77598f87107001a00b8a4ece9c95e4254ccc4 (diff)

diff --git a/fs/inode.c b/fs/inode.c index 16fefd373fc2..a21d5a938a17 100644 --- a/fs/inode.c +++ b/fs/inode.c
@@ -25,6 +25,7 @@
25	#include <linux/async.h>	25	#include <linux/async.h>
26	#include <linux/posix_acl.h>	26	#include <linux/posix_acl.h>
27	#include <linux/ima.h>	27	#include <linux/ima.h>
		28	#include <linux/cred.h>
28		29
29	/*	30	/*
30	* This is needed for the following functions:	31	* This is needed for the following functions:
@@ -1733,3 +1734,19 @@ void inode_init_owner(struct inode inode, const struct inode dir,
1733	inode->i_mode = mode;	1734	inode->i_mode = mode;
1734	}	1735	}
1735	EXPORT_SYMBOL(inode_init_owner);	1736	EXPORT_SYMBOL(inode_init_owner);
		1737
		1738	/*
		1739	* return true if current either has CAP_FOWNER to the
		1740	* file, or owns the file.
		1741	*/
		1742	bool is_owner_or_cap(const struct inode *inode)
		1743	{
		1744	struct user_namespace *ns = inode_userns(inode);
		1745
		1746	if (current_user_ns() == ns && current_fsuid() == inode->i_uid)
		1747	return true;
		1748	if (ns_capable(ns, CAP_FOWNER))
		1749	return true;
		1750	return false;
		1751	}
		1752	EXPORT_SYMBOL(is_owner_or_cap);