Commit b6b8aa27 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-v5.12-rc3' of... 

Merge branch 'for-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull userns fix from Eric Biederman:
 "Removing the ambiguity broke userspace so this reverts the change"

* 'for-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  Revert 95ebabde ("capabilities: Don't allow writing ambiguous v3 file capabilities")
parents 9afc1163 3b0c2d3e

security/commoncap.c

+1 −11
Original line number Diff line number Diff line
@@ -543,8 +543,7 @@ int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry, 
	__u32 magic, nsmagic;

	struct inode *inode = d_backing_inode(dentry);

	struct user_namespace *task_ns = current_user_ns(),

		*fs_ns = inode->i_sb->s_user_ns,

		*ancestor;

		*fs_ns = inode->i_sb->s_user_ns;

	kuid_t rootid;

	size_t newsize;
@@ -567,15 +566,6 @@ int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry, 
	if (nsrootid == -1)

		return -EINVAL;



	/*

	 * Do not allow allow adding a v3 filesystem capability xattr

	 * if the rootid field is ambiguous.

	 */

	for (ancestor = task_ns->parent; ancestor; ancestor = ancestor->parent) {

		if (from_kuid(ancestor, rootid) == 0)

			return -EINVAL;

	}



	newsize = sizeof(struct vfs_ns_cap_data);

	nscap = kmalloc(newsize, GFP_ATOMIC);

	if (!nscap)