BugLink: https://bugs.launchpad.net/bugs/1644165
This reverts commit
392767a8218721745b75fb24d36adba964b92fa6.
The kernel fix for bug #
1634964 breaks LXD userspace, in particular the
following commits:
ac7f3f73cb39 (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
ca52383ad6a6 (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs
LXD 2.0.6 will include changes to support these kernel changes, but it isn't
available yet on xenial, so for now we just revert these commits.
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
return rc;
}
- rc = posix_acl_valid(&init_user_ns, acl);
+ rc = posix_acl_valid(acl);
if (rc) {
CERROR("validate acl: %d\n", rc);
posix_acl_release(acl);
if (IS_ERR(acl))
return PTR_ERR(acl);
else if (acl) {
- retval = posix_acl_valid(inode->i_sb->s_user_ns, acl);
+ retval = posix_acl_valid(acl);
if (retval)
goto err_out;
}
* Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
*/
int
-posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl)
+posix_acl_valid(const struct posix_acl *acl)
{
const struct posix_acl_entry *pa, *pe;
int state = ACL_USER_OBJ;
case ACL_USER:
if (state != ACL_USER)
return -EINVAL;
- if (!kuid_has_mapping(user_ns, pa->e_uid))
+ if (!uid_valid(pa->e_uid))
return -EINVAL;
needs_mask = 1;
break;
case ACL_GROUP:
if (state != ACL_GROUP)
return -EINVAL;
- if (!kgid_has_mapping(user_ns, pa->e_gid))
+ if (!gid_valid(pa->e_gid))
return -EINVAL;
needs_mask = 1;
break;
return -EPERM;
if (acl) {
- int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl);
+ int ret = posix_acl_valid(acl);
if (ret)
return ret;
}
extern void posix_acl_init(struct posix_acl *, int);
extern struct posix_acl *posix_acl_alloc(int, gfp_t);
-extern int posix_acl_valid(struct user_namespace *, const struct posix_acl *);
+extern int posix_acl_valid(const struct posix_acl *);
extern int posix_acl_permission(struct inode *, const struct posix_acl *, int);
extern struct posix_acl *posix_acl_from_mode(umode_t, gfp_t);
extern int posix_acl_equiv_mode(const struct posix_acl *, umode_t *);
if (IS_ERR(acl))
return (PTR_ERR(acl));
else if (acl) {
- error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
+ error = posix_acl_valid(acl);
if (error) {
zpl_posix_acl_release(acl);
return (error);
if (IS_ERR(acl))
return (PTR_ERR(acl));
else if (acl) {
- error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
+ error = posix_acl_valid(acl);
if (error) {
zpl_posix_acl_release(acl);
return (error);