X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=security%2Fcommoncap.c;h=7786d7be766f2655f5aba2ddb326dd90288eece7;hb=18c3962f90eabccce864af692bd7cb30439bdc2b;hp=8df676fbd39366274bf7da334ac5f2aca00c36ae;hpb=96e132ebc0a162c643e0e6e6f1f85c3be3355715;p=mirror_ubuntu-zesty-kernel.git diff --git a/security/commoncap.c b/security/commoncap.c index 8df676fbd393..7786d7be766f 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -448,7 +448,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c if (!file_caps_enabled) return 0; - if (!mnt_may_suid(bprm->file->f_path.mnt)) + if (path_nosuid(&bprm->file->f_path)) return 0; /* @@ -659,15 +659,17 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) int cap_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { + struct user_namespace *user_ns = dentry->d_sb->s_user_ns; + if (!strcmp(name, XATTR_NAME_CAPS)) { - if (!capable(CAP_SETFCAP)) + if (!ns_capable(user_ns, CAP_SETFCAP)) return -EPERM; return 0; } if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && - !capable(CAP_SYS_ADMIN)) + !ns_capable(user_ns, CAP_SYS_ADMIN)) return -EPERM; return 0; } @@ -685,15 +687,17 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, */ int cap_inode_removexattr(struct dentry *dentry, const char *name) { + struct user_namespace *user_ns = dentry->d_sb->s_user_ns; + if (!strcmp(name, XATTR_NAME_CAPS)) { - if (!capable(CAP_SETFCAP)) + if (!ns_capable(user_ns, CAP_SETFCAP)) return -EPERM; return 0; } if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && - !capable(CAP_SYS_ADMIN)) + !ns_capable(user_ns, CAP_SYS_ADMIN)) return -EPERM; return 0; } @@ -1061,12 +1065,14 @@ int cap_mmap_addr(unsigned long addr) } return ret; } +EXPORT_SYMBOL_GPL(cap_mmap_addr); int cap_mmap_file(struct file *file, unsigned long reqprot, unsigned long prot, unsigned long flags) { return 0; } +EXPORT_SYMBOL_GPL(cap_mmap_file); #ifdef CONFIG_SECURITY