-
Seth Forshee authored
A privileged user in a super block's s_user_ns is privileged towards that file system and thus should be allowed to set file capabilities. The file capabilities will not be trusted outside of s_user_ns, so an unprivileged user cannot use this to gain privileges in a user namespace where they are not already privileged. Signed-off-by:Seth Forshee <seth.forshee@canonical.com>
6a5744f6
