Commit c9f892ab authored by Seth Forshee's avatar Seth Forshee

fs: Don't remove suid for CAP_FSETID in s_user_ns

Expand the check in should_remove_suid() to keep privileges for
CAP_FSETID in s_user_ns rather than init_user_ns.
Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
parent 28455c5a
...@@ -1683,7 +1683,8 @@ int should_remove_suid(struct dentry *dentry) ...@@ -1683,7 +1683,8 @@ int should_remove_suid(struct dentry *dentry)
if (unlikely((mode & S_ISGID) && (mode & S_IXGRP))) if (unlikely((mode & S_ISGID) && (mode & S_IXGRP)))
kill |= ATTR_KILL_SGID; kill |= ATTR_KILL_SGID;
if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode))) if (unlikely(kill && !ns_capable(dentry->d_sb->s_user_ns, CAP_FSETID) &&
S_ISREG(mode)))
return kill; return kill;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment