diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-17 13:19:41 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-17 13:19:41 -0500 |
| commit | 951880e634a79884236a575b896abf55c39ae0bf (patch) | |
| tree | b23ec5a95cd72083227ed5b7396e2f8799f4a58c /kernel | |
| parent | c2bc3a316a7281f67e36b34dac2802cbe36a9128 (diff) | |
Revert "capabitlies: ns_capable can use the cap helpers rather than lsm call"
This reverts commit d2a7009f0bb03fa22ad08dd25472efa0568126b9.
J. R. Okajima explains:
"After this commit, I am afraid access(2) on NFS may not work
correctly. The scenario based upon my guess.
- access(2) overrides the credentials.
- calls inode_permission() -- ... -- generic_permission() --
ns_capable().
- while the old ns_capable() calls security_capable(current_cred()),
the new ns_capable() calls has_ns_capability(current) --
security_capable(__task_cred(t)).
current_cred() returns current->cred which is effective (overridden)
credentials, but __task_cred(current) returns current->real_cred (the
NFSD's credential). And the overridden credentials by access(2) lost."
Requested-by: J. R. Okajima <hooanon05@yahoo.co.jp>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/capability.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 0fcf1c14a297..3f1adb6c6470 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -384,7 +384,7 @@ bool ns_capable(struct user_namespace *ns, int cap) | |||
| 384 | BUG(); | 384 | BUG(); |
| 385 | } | 385 | } |
| 386 | 386 | ||
| 387 | if (has_ns_capability(current, ns, cap)) { | 387 | if (security_capable(current_cred(), ns, cap) == 0) { |
| 388 | current->flags |= PF_SUPERPRIV; | 388 | current->flags |= PF_SUPERPRIV; |
| 389 | return true; | 389 | return true; |
| 390 | } | 390 | } |