aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/attr.c4
-rw-r--r--fs/ext2/acl.c2
-rw-r--r--fs/ext2/ioctl.c4
-rw-r--r--fs/ext3/acl.c2
-rw-r--r--fs/ext3/ioctl.c6
-rw-r--r--fs/ext4/acl.c2
-rw-r--r--fs/ext4/ioctl.c6
-rw-r--r--fs/fcntl.c2
-rw-r--r--fs/generic_acl.c2
-rw-r--r--fs/gfs2/acl.c2
-rw-r--r--fs/hfsplus/ioctl.c2
-rw-r--r--fs/jffs2/acl.c2
-rw-r--r--fs/jfs/ioctl.c2
-rw-r--r--fs/jfs/xattr.c2
-rw-r--r--fs/namei.c2
-rw-r--r--fs/ocfs2/ioctl.c2
-rw-r--r--fs/reiserfs/ioctl.c5
-rw-r--r--fs/reiserfs/xattr_acl.c2
-rw-r--r--fs/utimes.c2
-rw-r--r--fs/xattr.c3
-rw-r--r--include/linux/fs.h4
-rw-r--r--security/selinux/hooks.c2
22 files changed, 32 insertions, 30 deletions
diff --git a/fs/attr.c b/fs/attr.c
index a0a0c7b07ba3..f8dfc2269d85 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -42,7 +42,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr)
42 42
43 /* Make sure a caller can chmod. */ 43 /* Make sure a caller can chmod. */
44 if (ia_valid & ATTR_MODE) { 44 if (ia_valid & ATTR_MODE) {
45 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 45 if (!is_owner_or_cap(inode))
46 goto error; 46 goto error;
47 /* Also check the setgid bit! */ 47 /* Also check the setgid bit! */
48 if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : 48 if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
@@ -52,7 +52,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr)
52 52
53 /* Check for setting the inode time. */ 53 /* Check for setting the inode time. */
54 if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) { 54 if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) {
55 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) 55 if (!is_owner_or_cap(inode))
56 goto error; 56 goto error;
57 } 57 }
58fine: 58fine:
diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
index 7c420b800c34..e58669e1b87c 100644
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -464,7 +464,7 @@ ext2_xattr_set_acl(struct inode *inode, int type, const void *value,
464 464
465 if (!test_opt(inode->i_sb, POSIX_ACL)) 465 if (!test_opt(inode->i_sb, POSIX_ACL))
466 return -EOPNOTSUPP; 466 return -EOPNOTSUPP;
467 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 467 if (!is_owner_or_cap(inode))
468 return -EPERM; 468 return -EPERM;
469 469
470 if (value) { 470 if (value) {
diff --git a/fs/ext2/ioctl.c b/fs/ext2/ioctl.c
index e85c48218239..3bcd25422ee4 100644
--- a/fs/ext2/ioctl.c
+++ b/fs/ext2/ioctl.c
@@ -36,7 +36,7 @@ int ext2_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
36 if (IS_RDONLY(inode)) 36 if (IS_RDONLY(inode))
37 return -EROFS; 37 return -EROFS;
38 38
39 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 39 if (!is_owner_or_cap(inode))
40 return -EACCES; 40 return -EACCES;
41 41
42 if (get_user(flags, (int __user *) arg)) 42 if (get_user(flags, (int __user *) arg))
@@ -74,7 +74,7 @@ int ext2_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
74 case EXT2_IOC_GETVERSION: 74 case EXT2_IOC_GETVERSION:
75 return put_user(inode->i_generation, (int __user *) arg); 75 return put_user(inode->i_generation, (int __user *) arg);
76 case EXT2_IOC_SETVERSION: 76 case EXT2_IOC_SETVERSION:
77 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 77 if (!is_owner_or_cap(inode))
78 return -EPERM; 78 return -EPERM;
79 if (IS_RDONLY(inode)) 79 if (IS_RDONLY(inode))
80 return -EROFS; 80 return -EROFS;
diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c
index 1e5038d9a01b..d34e9967430a 100644
--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -489,7 +489,7 @@ ext3_xattr_set_acl(struct inode *inode, int type, const void *value,
489 489
490 if (!test_opt(inode->i_sb, POSIX_ACL)) 490 if (!test_opt(inode->i_sb, POSIX_ACL))
491 return -EOPNOTSUPP; 491 return -EOPNOTSUPP;
492 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 492 if (!is_owner_or_cap(inode))
493 return -EPERM; 493 return -EPERM;
494 494
495 if (value) { 495 if (value) {
diff --git a/fs/ext3/ioctl.c b/fs/ext3/ioctl.c
index 965006dba6be..4a2a02c95bf9 100644
--- a/fs/ext3/ioctl.c
+++ b/fs/ext3/ioctl.c
@@ -41,7 +41,7 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
41 if (IS_RDONLY(inode)) 41 if (IS_RDONLY(inode))
42 return -EROFS; 42 return -EROFS;
43 43
44 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 44 if (!is_owner_or_cap(inode))
45 return -EACCES; 45 return -EACCES;
46 46
47 if (get_user(flags, (int __user *) arg)) 47 if (get_user(flags, (int __user *) arg))
@@ -122,7 +122,7 @@ flags_err:
122 __u32 generation; 122 __u32 generation;
123 int err; 123 int err;
124 124
125 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 125 if (!is_owner_or_cap(inode))
126 return -EPERM; 126 return -EPERM;
127 if (IS_RDONLY(inode)) 127 if (IS_RDONLY(inode))
128 return -EROFS; 128 return -EROFS;
@@ -181,7 +181,7 @@ flags_err:
181 if (IS_RDONLY(inode)) 181 if (IS_RDONLY(inode))
182 return -EROFS; 182 return -EROFS;
183 183
184 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 184 if (!is_owner_or_cap(inode))
185 return -EACCES; 185 return -EACCES;
186 186
187 if (get_user(rsv_window_size, (int __user *)arg)) 187 if (get_user(rsv_window_size, (int __user *)arg))
diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c
index 9e882546d91a..a8bae8cd1d5d 100644
--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -489,7 +489,7 @@ ext4_xattr_set_acl(struct inode *inode, int type, const void *value,
489 489
490 if (!test_opt(inode->i_sb, POSIX_ACL)) 490 if (!test_opt(inode->i_sb, POSIX_ACL))
491 return -EOPNOTSUPP; 491 return -EOPNOTSUPP;
492 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 492 if (!is_owner_or_cap(inode))
493 return -EPERM; 493 return -EPERM;
494 494
495 if (value) { 495 if (value) {
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 500567dd53b6..7b4aa4543c83 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -40,7 +40,7 @@ int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
40 if (IS_RDONLY(inode)) 40 if (IS_RDONLY(inode))
41 return -EROFS; 41 return -EROFS;
42 42
43 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 43 if (!is_owner_or_cap(inode))
44 return -EACCES; 44 return -EACCES;
45 45
46 if (get_user(flags, (int __user *) arg)) 46 if (get_user(flags, (int __user *) arg))
@@ -121,7 +121,7 @@ flags_err:
121 __u32 generation; 121 __u32 generation;
122 int err; 122 int err;
123 123
124 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 124 if (!is_owner_or_cap(inode))
125 return -EPERM; 125 return -EPERM;
126 if (IS_RDONLY(inode)) 126 if (IS_RDONLY(inode))
127 return -EROFS; 127 return -EROFS;
@@ -180,7 +180,7 @@ flags_err:
180 if (IS_RDONLY(inode)) 180 if (IS_RDONLY(inode))
181 return -EROFS; 181 return -EROFS;
182 182
183 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 183 if (!is_owner_or_cap(inode))
184 return -EACCES; 184 return -EACCES;
185 185
186 if (get_user(rsv_window_size, (int __user *)arg)) 186 if (get_user(rsv_window_size, (int __user *)arg))
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 8e382a5d51bd..3f22e9f4f691 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -215,7 +215,7 @@ static int setfl(int fd, struct file * filp, unsigned long arg)
215 215
216 /* O_NOATIME can only be set by the owner or superuser */ 216 /* O_NOATIME can only be set by the owner or superuser */
217 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) 217 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
218 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) 218 if (!is_owner_or_cap(inode))
219 return -EPERM; 219 return -EPERM;
220 220
221 /* required for strict SunOS emulation */ 221 /* required for strict SunOS emulation */
diff --git a/fs/generic_acl.c b/fs/generic_acl.c
index 9ccb78947171..995d63b2e747 100644
--- a/fs/generic_acl.c
+++ b/fs/generic_acl.c
@@ -78,7 +78,7 @@ generic_acl_set(struct inode *inode, struct generic_acl_operations *ops,
78 78
79 if (S_ISLNK(inode->i_mode)) 79 if (S_ISLNK(inode->i_mode))
80 return -EOPNOTSUPP; 80 return -EOPNOTSUPP;
81 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) 81 if (!is_owner_or_cap(inode))
82 return -EPERM; 82 return -EPERM;
83 if (value) { 83 if (value) {
84 acl = posix_acl_from_xattr(value, size); 84 acl = posix_acl_from_xattr(value, size);
diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c
index 6e80844367ee..1047a8c7226a 100644
--- a/fs/gfs2/acl.c
+++ b/fs/gfs2/acl.c
@@ -74,7 +74,7 @@ int gfs2_acl_validate_remove(struct gfs2_inode *ip, int access)
74{ 74{
75 if (!GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl) 75 if (!GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl)
76 return -EOPNOTSUPP; 76 return -EOPNOTSUPP;
77 if (current->fsuid != ip->i_inode.i_uid && !capable(CAP_FOWNER)) 77 if (!is_owner_or_cap(&ip->i_inode))
78 return -EPERM; 78 return -EPERM;
79 if (S_ISLNK(ip->i_inode.i_mode)) 79 if (S_ISLNK(ip->i_inode.i_mode))
80 return -EOPNOTSUPP; 80 return -EOPNOTSUPP;
diff --git a/fs/hfsplus/ioctl.c b/fs/hfsplus/ioctl.c
index 79fd10402ea3..b60c0affbec5 100644
--- a/fs/hfsplus/ioctl.c
+++ b/fs/hfsplus/ioctl.c
@@ -38,7 +38,7 @@ int hfsplus_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
38 if (IS_RDONLY(inode)) 38 if (IS_RDONLY(inode))
39 return -EROFS; 39 return -EROFS;
40 40
41 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 41 if (!is_owner_or_cap(inode))
42 return -EACCES; 42 return -EACCES;
43 43
44 if (get_user(flags, (int __user *)arg)) 44 if (get_user(flags, (int __user *)arg))
diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
index a46101ee867a..65b3a1b5b88d 100644
--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -435,7 +435,7 @@ static int jffs2_acl_setxattr(struct inode *inode, int type, const void *value,
435 struct posix_acl *acl; 435 struct posix_acl *acl;
436 int rc; 436 int rc;
437 437
438 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 438 if (!is_owner_or_cap(inode))
439 return -EPERM; 439 return -EPERM;
440 440
441 if (value) { 441 if (value) {
diff --git a/fs/jfs/ioctl.c b/fs/jfs/ioctl.c
index fe063af6fd2f..3c8663bea98c 100644
--- a/fs/jfs/ioctl.c
+++ b/fs/jfs/ioctl.c
@@ -69,7 +69,7 @@ int jfs_ioctl(struct inode * inode, struct file * filp, unsigned int cmd,
69 if (IS_RDONLY(inode)) 69 if (IS_RDONLY(inode))
70 return -EROFS; 70 return -EROFS;
71 71
72 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 72 if (!is_owner_or_cap(inode))
73 return -EACCES; 73 return -EACCES;
74 74
75 if (get_user(flags, (int __user *) arg)) 75 if (get_user(flags, (int __user *) arg))
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
index b2375f0774b7..9b7f2cdaae0a 100644
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -697,7 +697,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
697 struct posix_acl *acl; 697 struct posix_acl *acl;
698 int rc; 698 int rc;
699 699
700 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 700 if (!is_owner_or_cap(inode))
701 return -EPERM; 701 return -EPERM;
702 702
703 /* 703 /*
diff --git a/fs/namei.c b/fs/namei.c
index 5e2d98d10c5d..defaa47c11d4 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1576,7 +1576,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
1576 1576
1577 /* O_NOATIME can only be set by the owner or superuser */ 1577 /* O_NOATIME can only be set by the owner or superuser */
1578 if (flag & O_NOATIME) 1578 if (flag & O_NOATIME)
1579 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) 1579 if (!is_owner_or_cap(inode))
1580 return -EPERM; 1580 return -EPERM;
1581 1581
1582 /* 1582 /*
diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c
index bd68c3f2afbe..87dcece7e1b5 100644
--- a/fs/ocfs2/ioctl.c
+++ b/fs/ocfs2/ioctl.c
@@ -63,7 +63,7 @@ static int ocfs2_set_inode_attr(struct inode *inode, unsigned flags,
63 goto bail_unlock; 63 goto bail_unlock;
64 64
65 status = -EACCES; 65 status = -EACCES;
66 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 66 if (!is_owner_or_cap(inode))
67 goto bail_unlock; 67 goto bail_unlock;
68 68
69 if (!S_ISDIR(inode->i_mode)) 69 if (!S_ISDIR(inode->i_mode))
diff --git a/fs/reiserfs/ioctl.c b/fs/reiserfs/ioctl.c
index b484d2913c0d..11a0fcc2d402 100644
--- a/fs/reiserfs/ioctl.c
+++ b/fs/reiserfs/ioctl.c
@@ -51,8 +51,7 @@ int reiserfs_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
51 if (IS_RDONLY(inode)) 51 if (IS_RDONLY(inode))
52 return -EROFS; 52 return -EROFS;
53 53
54 if ((current->fsuid != inode->i_uid) 54 if (!is_owner_or_cap(inode))
55 && !capable(CAP_FOWNER))
56 return -EPERM; 55 return -EPERM;
57 56
58 if (get_user(flags, (int __user *)arg)) 57 if (get_user(flags, (int __user *)arg))
@@ -81,7 +80,7 @@ int reiserfs_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
81 case REISERFS_IOC_GETVERSION: 80 case REISERFS_IOC_GETVERSION:
82 return put_user(inode->i_generation, (int __user *)arg); 81 return put_user(inode->i_generation, (int __user *)arg);
83 case REISERFS_IOC_SETVERSION: 82 case REISERFS_IOC_SETVERSION:
84 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 83 if (!is_owner_or_cap(inode))
85 return -EPERM; 84 return -EPERM;
86 if (IS_RDONLY(inode)) 85 if (IS_RDONLY(inode))
87 return -EROFS; 86 return -EROFS;
diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
index 5296a29cc5eb..b7e4fa4539de 100644
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -21,7 +21,7 @@ xattr_set_acl(struct inode *inode, int type, const void *value, size_t size)
21 21
22 if (!reiserfs_posixacl(inode->i_sb)) 22 if (!reiserfs_posixacl(inode->i_sb))
23 return -EOPNOTSUPP; 23 return -EOPNOTSUPP;
24 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 24 if (!is_owner_or_cap(inode))
25 return -EPERM; 25 return -EPERM;
26 26
27 if (value) { 27 if (value) {
diff --git a/fs/utimes.c b/fs/utimes.c
index 83a7e69e706c..682eb63b20ad 100644
--- a/fs/utimes.c
+++ b/fs/utimes.c
@@ -106,7 +106,7 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
106 if (IS_IMMUTABLE(inode)) 106 if (IS_IMMUTABLE(inode))
107 goto dput_and_out; 107 goto dput_and_out;
108 108
109 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) { 109 if (!is_owner_or_cap(inode)) {
110 if (f) { 110 if (f) {
111 if (!(f->f_mode & FMODE_WRITE)) 111 if (!(f->f_mode & FMODE_WRITE))
112 goto dput_and_out; 112 goto dput_and_out;
diff --git a/fs/xattr.c b/fs/xattr.c
index 4523aca79659..a44fd92caca3 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -60,8 +60,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
60 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 60 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
61 return -EPERM; 61 return -EPERM;
62 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 62 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
63 (mask & MAY_WRITE) && (current->fsuid != inode->i_uid) && 63 (mask & MAY_WRITE) && !is_owner_or_cap(inode))
64 !capable(CAP_FOWNER))
65 return -EPERM; 64 return -EPERM;
66 } 65 }
67 66
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 58ce336d4a6b..98205f680476 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -284,6 +284,7 @@ extern int dir_notify_enable;
284#include <linux/pid.h> 284#include <linux/pid.h>
285#include <linux/mutex.h> 285#include <linux/mutex.h>
286#include <linux/sysctl.h> 286#include <linux/sysctl.h>
287#include <linux/capability.h>
287 288
288#include <asm/atomic.h> 289#include <asm/atomic.h>
289#include <asm/semaphore.h> 290#include <asm/semaphore.h>
@@ -990,6 +991,9 @@ enum {
990#define put_fs_excl() atomic_dec(&current->fs_excl) 991#define put_fs_excl() atomic_dec(&current->fs_excl)
991#define has_fs_excl() atomic_read(&current->fs_excl) 992#define has_fs_excl() atomic_read(&current->fs_excl)
992 993
994#define is_owner_or_cap(inode) \
995 ((current->fsuid == (inode)->i_uid) || capable(CAP_FOWNER))
996
993/* not quite ready to be deprecated, but... */ 997/* not quite ready to be deprecated, but... */
994extern void lock_super(struct super_block *); 998extern void lock_super(struct super_block *);
995extern void unlock_super(struct super_block *); 999extern void unlock_super(struct super_block *);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 78c3f98fcdcf..520b9998123e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2318,7 +2318,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
2318 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT) 2318 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2319 return -EOPNOTSUPP; 2319 return -EOPNOTSUPP;
2320 2320
2321 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 2321 if (!is_owner_or_cap(inode))
2322 return -EPERM; 2322 return -EPERM;
2323 2323
2324 AVC_AUDIT_DATA_INIT(&ad,FS); 2324 AVC_AUDIT_DATA_INIT(&ad,FS);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-01 07:38:53 -0400