]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - security/commoncap.c
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
LSM: Check for NULL cred-security on free
[mirror_ubuntu-bionic-kernel.git] / security / commoncap.c
diff --git a/security/commoncap.c b/security/commoncap.c
index 48620c93d6976eca3a9b1cc3c34cfe21a69c7a39..4ec20bed8cbc69b9c1f12b2269617b406585c459 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -388,7 +388,7 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
        if (strcmp(name, "capability") != 0)
                return -EOPNOTSUPP;
 
-       dentry = d_find_alias(inode);
+       dentry = d_find_any_alias(inode);
        if (!dentry)
                return -EINVAL;
 
@@ -449,6 +449,8 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
                                magic |= VFS_CAP_FLAGS_EFFECTIVE;
                        memcpy(&cap->data, &nscap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
                        cap->magic_etc = cpu_to_le32(magic);
+               } else {
+                       size = -ENOMEM;
                }
        }
        kfree(tmpbuf);
@@ -660,7 +662,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_f
        if (!file_caps_enabled)
                return 0;
 
-       if (!mnt_may_suid(bprm->file->f_path.mnt))
+       if (path_nosuid(&bprm->file->f_path))
                return 0;
 
        /*
@@ -929,7 +931,7 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name,
        if (strcmp(name, XATTR_NAME_CAPS) == 0)
                return 0;
 
-       if (!capable(CAP_SYS_ADMIN))
+       if (!ns_capable(dentry->d_sb->s_user_ns, CAP_SYS_ADMIN))
                return -EPERM;
        return 0;
 }
@@ -962,7 +964,7 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name)
                return 0;
        }
 
-       if (!capable(CAP_SYS_ADMIN))
+       if (!ns_capable(dentry->d_sb->s_user_ns, CAP_SYS_ADMIN))
                return -EPERM;
        return 0;
 }
@@ -1330,12 +1332,14 @@ int cap_mmap_addr(unsigned long addr)
        }
        return ret;
 }
+EXPORT_SYMBOL_GPL(cap_mmap_addr);
 
 int cap_mmap_file(struct file *file, unsigned long reqprot,
                  unsigned long prot, unsigned long flags)
 {
        return 0;
 }
+EXPORT_SYMBOL_GPL(cap_mmap_file);
 
 #ifdef CONFIG_SECURITY
 
ubuntu-bionic-kernel mirror