diff options
Diffstat (limited to 'kernel/capability.c')
| -rw-r--r-- | kernel/capability.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 3f1adb6c6470..493d97259484 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -419,3 +419,24 @@ bool nsown_capable(int cap) | |||
| 419 | { | 419 | { |
| 420 | return ns_capable(current_user_ns(), cap); | 420 | return ns_capable(current_user_ns(), cap); |
| 421 | } | 421 | } |
| 422 | |||
| 423 | /** | ||
| 424 | * inode_capable - Check superior capability over inode | ||
| 425 | * @inode: The inode in question | ||
| 426 | * @cap: The capability in question | ||
| 427 | * | ||
| 428 | * Return true if the current task has the given superior capability | ||
| 429 | * targeted at it's own user namespace and that the given inode is owned | ||
| 430 | * by the current user namespace or a child namespace. | ||
| 431 | * | ||
| 432 | * Currently we check to see if an inode is owned by the current | ||
| 433 | * user namespace by seeing if the inode's owner maps into the | ||
| 434 | * current user namespace. | ||
| 435 | * | ||
| 436 | */ | ||
| 437 | bool inode_capable(const struct inode *inode, int cap) | ||
| 438 | { | ||
| 439 | struct user_namespace *ns = current_user_ns(); | ||
| 440 | |||
| 441 | return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); | ||
| 442 | } | ||