1 files changed, 19 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index 3f1adb6c6470..cc5f0718215d 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -419,3 +419,22 @@ bool nsown_capable(int cap)
 {
        return ns_capable(current_user_ns(), cap);
 }
+/**
+ * inode_capable - Check superior capability over inode
+ * @inode: The inode in question
+ * @cap: The capability in question
+ *
+ * Return true if the current task has the given superior capability
+ * targeted at it's own user namespace and that the given inode is owned
+ * by the current user namespace or a child namespace.
+ *
+ * Currently inodes can only be owned by the initial user namespace.
+ *
+ */
+bool inode_capable(const struct inode *inode, int cap)
+{
+        struct user_namespace *ns = current_user_ns();
+        return ns_capable(ns, cap) && (ns == &init_user_ns);
+}

diff --git a/kernel/capability.c b/kernel/capability.c index 3f1adb6c6470..cc5f0718215d 100644 --- a/kernel/capability.c +++ b/kernel/capability.c
@@ -419,3 +419,22 @@ bool nsown_capable(int cap)
419	{	419	{
420	return ns_capable(current_user_ns(), cap);	420	return ns_capable(current_user_ns(), cap);
421	}	421	}
		422
		423	/**
		424	* inode_capable - Check superior capability over inode
		425	* @inode: The inode in question
		426	* @cap: The capability in question
		427	*
		428	* Return true if the current task has the given superior capability
		429	* targeted at it's own user namespace and that the given inode is owned
		430	* by the current user namespace or a child namespace.
		431	*
		432	* Currently inodes can only be owned by the initial user namespace.
		433	*
		434	*/
		435	bool inode_capable(const struct inode *inode, int cap)
		436	{
		437	struct user_namespace *ns = current_user_ns();
		438
		439	return ns_capable(ns, cap) && (ns == &init_user_ns);
		440	}