1 files changed, 14 insertions, 4 deletions

diff --git a/fs/open.c b/fs/open.c
index 5720854156db..d54301219d04 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
 
         if (!issecure(SECURE_NO_SETUID_FIXUP)) {
                 /* Clear the capabilities if we switch to a non-root user */
-                if (override_cred->uid)
+                kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
+                if (!uid_eq(override_cred->uid, root_uid))
                         cap_clear(override_cred->cap_effective);
                 else
                         override_cred->cap_effective =
@@ -505,15 +506,24 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
         struct inode *inode = path->dentry->d_inode;
         int error;
         struct iattr newattrs;
+        kuid_t uid;
+        kgid_t gid;
+
+        uid = make_kuid(current_user_ns(), user);
+        gid = make_kgid(current_user_ns(), group);
 
         newattrs.ia_valid =  ATTR_CTIME;
         if (user != (uid_t) -1) {
+                if (!uid_valid(uid))
+                        return -EINVAL;
                 newattrs.ia_valid |= ATTR_UID;
-                newattrs.ia_uid = user;
+                newattrs.ia_uid = uid;
         }
         if (group != (gid_t) -1) {
+                if (!gid_valid(gid))
+                        return -EINVAL;
                 newattrs.ia_valid |= ATTR_GID;
-                newattrs.ia_gid = group;
+                newattrs.ia_gid = gid;
         }
         if (!S_ISDIR(inode->i_mode))
                 newattrs.ia_valid |=
@@ -681,7 +691,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
 
         f->f_op = fops_get(inode->i_fop);
 
-        error = security_dentry_open(f, cred);
+        error = security_file_open(f, cred);
         if (error)
                 goto cleanup_all;