Diffstat (limited to 'fs/namei.c')
-rw-r--r--fs/namei.c18
1 files changed, 5 insertions, 13 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 701954d68ac7..941c4362e298 100644
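--- a/fs/namei.c
+++ b/fs/namei.c
@@ -228,9 +228,6 @@ static int acl_permission_check(struct inode *inode, int mask)
 {
 unsigned int mode = inode->i_mode;
 
-if (current_user_ns() != inode_userns(inode))
-goto other_perms;
-
 if (likely(current_fsuid() == inode->i_uid))
 mode >>= 6;
 else {
@@ -244,7 +241,6 @@ static int acl_permission_check(struct inode *inode, int mask)
 mode >>= 3;
 }
 
-other_perms:
 /*
 * If the DACs are ok we don't need any capability check.
 */
@@ -280,10 +276,10 @@ int generic_permission(struct inode *inode, int mask)
 
 if (S_ISDIR(inode->i_mode)) {
 /* DACs are overridable for directories */
-if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
+if (inode_capable(inode, CAP_DAC_OVERRIDE))
 return 0;
 if (!(mask & MAY_WRITE))
-if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
+if (inode_capable(inode, CAP_DAC_READ_SEARCH))
 return 0;
 return -EACCES;
 }
@@ -293,7 +289,7 @@ int generic_permission(struct inode *inode, int mask)
 * at least one exec bit set.
 */
 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
-if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
+if (inode_capable(inode, CAP_DAC_OVERRIDE))
 return 0;
 
 /*
@@ -301,7 +297,7 @@ int generic_permission(struct inode *inode, int mask)
 */
 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
 if (mask == MAY_READ)
-if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
+if (inode_capable(inode, CAP_DAC_READ_SEARCH))
 return 0;
 
 return -EACCES;
@@ -1964,15 +1960,11 @@ static inline int check_sticky(struct inode *dir, struct inode *inode)
 
 if (!(dir->i_mode & S_ISVTX))
 return 0;
-if (current_user_ns() != inode_userns(inode))
-goto other_userns;
 if (inode->i_uid == fsuid)
 return 0;
 if (dir->i_uid == fsuid)
 return 0;
-
-other_userns:
-return !ns_capable(inode_userns(inode), CAP_FOWNER);
+return !inode_capable(inode, CAP_FOWNER);
 }
 
 /*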
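Review bot: The four `inode_capable(inode, ...)` calls in generic_permission now decide DAC override from the inode alone, and the helper's definition is not part of this file section, so the page does not show which inode attributes it consults. If it tests only whether the owner uid is mapped into the caller's user namespace, a namespace-privileged task could pass these checks on an inode whose group is not mapped there; it is worth confirming that the helper covers both `i_uid` and `i_gid`. The same dependency applies to check_sticky's `!inode_capable(inode, CAP_FOWNER)`, and both there and in acl_permission_check the explicit `current_user_ns() != inode_userns(inode)` gate is removed, so the `i_uid == fsuid` shortcut is now reached from any namespace. I would add a comment at the first call, e.g. `/* inode_capable() must hold only when the caller's userns covers this inode's owner and group */`. All three functions start or end outside the hunks shown.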