fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems

The user in control of a super block should be allowed to freeze and thaw it. Relax the restrictions on the FIFREEZE and FITHAW ioctls to require CAP_SYS_ADMIN in s_user_ns. Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
The user in control of a super block should be allowed to freeze and thaw it. Relax the restrictions on the FIFREEZE and FITHAW ioctls to require CAP_SYS_ADMIN in s_user_ns. Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
4a13b10e · Seth Forshee · 46434eee · 4a13b10e
Commit 4a13b10e authored Feb 15, 2015 by Seth Forshee
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

fs/ioctl.c fs/ioctl.c +2 -2

No files found.
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -519,7 +519,7 @@ static int ioctl_fsfreeze(struct file *filp)
 {
 	struct super_block *sb = file_inode(filp)->i_sb;
-	if (!capable(CAP_SYS_ADMIN))
+	if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
 		return -EPERM;
 	/* If filesystem doesn't support freeze feature, return. */
@@ -536,7 +536,7 @@ static int ioctl_fsthaw(struct file *filp)
 {
 	struct super_block *sb = file_inode(filp)->i_sb;
-	if (!capable(CAP_SYS_ADMIN))
+	if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
 		return -EPERM;
 	/* Thaw */