BugLink: https://bugs.launchpad.net/bugs/1644165
This reverts commit db19ff87e3f993e46217f369a066f9d1d4691df8.
The kernel fix for bug #1634964 breaks LXD userspace, in particular the
following commits:
ac7f3f73cb39 (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
ca52383ad6a6 (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs
LXD 2.0.6 will include changes to support these kernel changes, but it isn't
available yet on xenial, so for now we just revert these commits.
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
enum integrity_status evm_status;
if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
- if (!capable(CAP_SYS_ADMIN))
+ if (!ns_capable(dentry->d_sb->s_user_ns, CAP_SYS_ADMIN))
return -EPERM;
} else if (!evm_protected_xattr(xattr_name)) {
if (!posix_xattr_acl(xattr_name))
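Review bot: Both capability checks now pass for a task that holds CAP_SYS_ADMIN only in the user namespace owning the superblock (`dentry->d_sb->s_user_ns`), here for `security.evm` and in the `XATTR_NAME_IMA` hunk below for `security.ima`, and nothing on the new lines documents that. For a filesystem mounted from the initial namespace this should be equivalent to the old `capable()` test, but on a superblock mounted inside a user namespace that namespace's root can write the integrity xattrs, so appraisal results from such mounts should not be treated as host-trusted. I would add a comment above each check, e.g. `/* s_user_ns is init_user_ns for host mounts; on userns mounts namespace root may set this xattr */`. The description names only the two vfs commits, so it would help to say there why the IMA/EVM checks change as well; both enclosing functions start and end outside the visible hunks.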
const void *xattr_value, size_t xattr_value_len)
{
if (strcmp(xattr_name, XATTR_NAME_IMA) == 0) {
- if (!capable(CAP_SYS_ADMIN))
+ if (!ns_capable(dentry->d_sb->s_user_ns, CAP_SYS_ADMIN))
return -EPERM;
return 1;
}