Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-17 08:31:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'for-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Browse Source 
Pull userns fix from Eric Biederman:
 "Removing the ambiguity broke userspace so this reverts the change"

* 'for-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  Revert 95ebabde38 ("capabilities: Don't allow writing ambiguous v3 file capabilities")
This commit is contained in:
Linus Torvalds 2021-03-12 13:58:04 -08:00
commit b6b8aa27a3
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
security/commoncap.c
View File

@ -543,8 +543,7 @@ int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry,
__u32 magic, nsmagic; __u32 magic, nsmagic;
struct inode *inode = d_backing_inode(dentry); struct inode *inode = d_backing_inode(dentry);
struct user_namespace *task_ns = current_user_ns(), struct user_namespace *task_ns = current_user_ns(),
*fs_ns = inode->i_sb->s_user_ns, *fs_ns = inode->i_sb->s_user_ns;
*ancestor;
kuid_t rootid; kuid_t rootid;
size_t newsize; size_t newsize;
@ -567,15 +566,6 @@ int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry,
if (nsrootid == -1) if (nsrootid == -1)
return -EINVAL; return -EINVAL;
/*
* Do not allow allow adding a v3 filesystem capability xattr
* if the rootid field is ambiguous.
*/
for (ancestor = task_ns->parent; ancestor; ancestor = ancestor->parent) {
if (from_kuid(ancestor, rootid) == 0)
return -EINVAL;
}
newsize = sizeof(struct vfs_ns_cap_data); newsize = sizeof(struct vfs_ns_cap_data);
nscap = kmalloc(newsize, GFP_ATOMIC); nscap = kmalloc(newsize, GFP_ATOMIC);
if (!nscap) if (!nscap)