1 files changed, 2 insertions, 1 deletions
diff --git a/fs/open.c b/fs/open.c
index 5720854156db..92335f663545 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
        if (!issecure(SECURE_NO_SETUID_FIXUP)) {
                /* Clear the capabilities if we switch to a non-root user */
-                if (override_cred->uid)
+                kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
+                if (!uid_eq(override_cred->uid, root_uid))
                        cap_clear(override_cred->cap_effective);
                else
                        override_cred->cap_effective =

diff --git a/fs/open.c b/fs/open.c index 5720854156db..92335f663545 100644 --- a/fs/open.c +++ b/fs/open.c
@@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
316		316
317	if (!issecure(SECURE_NO_SETUID_FIXUP)) {	317	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
318	/* Clear the capabilities if we switch to a non-root user */	318	/* Clear the capabilities if we switch to a non-root user */
319	if (override_cred->uid)	319	kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
		320	if (!uid_eq(override_cred->uid, root_uid))
320	cap_clear(override_cred->cap_effective);	321	cap_clear(override_cred->cap_effective);
321	else	322	else
322	override_cred->cap_effective =	323	override_cred->cap_effective =