]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - security/commoncap.c
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fs: Limit file caps to the user namespace of the super block
[mirror_ubuntu-bionic-kernel.git] / security / commoncap.c
diff --git a/security/commoncap.c b/security/commoncap.c
index e7fadde737f41cb48aa1e25f6a486375e4d8f597..e109e6dac85870848c593790c6196f70dcaf877d 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -455,6 +455,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
 
        if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
                return 0;
+       if (!current_in_userns(bprm->file->f_path.mnt->mnt_sb->s_user_ns))
+               return 0;
 
        rc = get_vfs_caps_from_disk(bprm->file->f_path.dentry, &vcaps);
        if (rc < 0) {
ubuntu-bionic-kernel mirror