Revert 95ebabde38
("capabilities: Don't allow writing ambiguous v3 file capabilities")
commit 3b0c2d3eaa upstream.

It turns out that there are in fact userspace implementations that care and this recent change caused a regression.

https://github.com/containers/buildah/issues/3071

As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps.

Cc: stable@vger.kernel.org
Fixes: 95ebabde38 ("capabilities: Don't allow writing ambiguous v3 file capabilities")
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
f3a8be5278
commit
f95ea27037
1 changed files with 1 additions and 11 deletions
|
@ -507,8 +507,7 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
|
|||
__u32 magic, nsmagic;
|
||||
struct inode *inode = d_backing_inode(dentry);
|
||||
struct user_namespace *task_ns = current_user_ns(),
|
||||
*fs_ns = inode->i_sb->s_user_ns,
|
||||
*ancestor;
|
||||
*fs_ns = inode->i_sb->s_user_ns;
|
||||
kuid_t rootid;
|
||||
size_t newsize;
|
||||
|
||||
|
@ -531,15 +530,6 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
|
|||
if (nsrootid == -1)
|
||||
return -EINVAL;
|
||||
|
||||
/*
|
||||
* Do not allow allow adding a v3 filesystem capability xattr
|
||||
* if the rootid field is ambiguous.
|
||||
*/
|
||||
for (ancestor = task_ns->parent; ancestor; ancestor = ancestor->parent) {
|
||||
if (from_kuid(ancestor, rootid) == 0)
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
newsize = sizeof(struct vfs_ns_cap_data);
|
||||
nscap = kmalloc(newsize, GFP_ATOMIC);
|
||||
if (!nscap)
|
||||
|
|
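Review bot: With the ancestor walk dropped, the code after `if (nsrootid == -1) return -EINVAL;` in the second hunk no longer records that a rootid which also maps to uid 0 in an ancestor of the writer's user namespace is accepted on purpose. A short comment in place of the removed block would keep that decision visible, e.g. `/* A rootid that maps to 0 in an ancestor of task_ns is accepted on purpose: rejecting it broke existing userspace. */`. Since the ambiguity is allowed again, whatever code later interprets the stored rootid presumably has to tolerate it; that code is not visible here and is worth checking against this revert. cap_convert_nscap() starts and ends outside both hunks.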