UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes

[mirror_ubuntu-bionic-kernel.git] / fs / proc / base.c

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 60316b52d6591459d4c25bc0d434c4bfea3d2fef..0842c0011b5c715674abf6c6f12bd2a2d0103a64 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -664,10 +664,17 @@ int proc_setattr(struct dentry *dentry, struct iattr *attr)
 {
        int error;
        struct inode *inode = d_inode(dentry);
+       struct user_namespace *s_user_ns;
 
        if (attr->ia_valid & ATTR_MODE)
                return -EPERM;
 
+       /* Don't let anyone mess with weird proc files */
+       s_user_ns = inode->i_sb->s_user_ns;
+       if (!kuid_has_mapping(s_user_ns, inode->i_uid) ||
+           !kgid_has_mapping(s_user_ns, inode->i_gid))
+               return -EPERM;
+
        error = setattr_prepare(dentry, attr);
        if (error)
                return error;