From: Luis Henriques Date: Wed, 23 Nov 2016 10:00:05 +0000 (+0000) Subject: Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Don't remove suid for CAP_FSETID in... X-Git-Tag: Ubuntu-snapdragon-4.4.0-1050.54~1492 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=256332a1bfe633498b968bad1ddd089cd8934505;p=mirror_ubuntu-artful-kernel.git Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Don't remove suid for CAP_FSETID in s_user_ns"" BugLink: https://bugs.launchpad.net/bugs/1644165 This reverts commit e47ad83f3ed90397c83577a17ebda2cf0f789552. The kernel fix for bug #1634964 breaks LXD userspace, in particular the following commits: ac7f3f73cb39 (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs ca52383ad6a6 (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs LXD 2.0.6 will include changes to support these kernel changes, but it isn't available yet on xenial, so for now we just revert these commits. Signed-off-by: Luis Henriques --- diff --git a/fs/inode.c b/fs/inode.c index 07453fb3c88d..91cf406b2b5c 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1691,7 +1691,8 @@ int should_remove_suid(struct dentry *dentry) if (unlikely((mode & S_ISGID) && (mode & S_IXGRP))) kill |= ATTR_KILL_SGID; - if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode))) + if (unlikely(kill && !ns_capable(dentry->d_sb->s_user_ns, CAP_FSETID) && + S_ISREG(mode))) return kill; return 0;
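Review bot: The new condition in should_remove_suid() tests CAP_FSETID against dentry->d_sb->s_user_ns alone, with no check in the hunk that the inode's owner and group are mapped in that namespace. As written, any task holding CAP_FSETID in the superblock's user namespace gets a return of 0 here, so the setuid/setgid kill is skipped for it. A comment above the `if` stating why the superblock's namespace is the right scope would help, and it is worth considering whether the inode's uid/gid should be checked too. The commit message also talks about the vfs uid/gid commits rather than this CAP_FSETID change, so a sentence tying this hunk to the LXD breakage would help anyone reading the history.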