Skip to content
Snippets Groups Projects
Commit 3b0c2d3e authored by Eric W. Biederman's avatar Eric W. Biederman
Browse files

Revert 95ebabde ("capabilities: Don't allow writing ambiguous v3 file capabilities")

It turns out that there are in fact userspace implementations that
care and this recent change caused a regression.

https://github.com/containers/buildah/issues/3071



As the motivation for the original change was future development,
and the impact is existing real world code just revert this change
and allow the ambiguity in v3 file caps.

Cc: stable@vger.kernel.org
Fixes: 95ebabde ("capabilities: Don't allow writing ambiguous v3 file capabilities")
Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
parent a38fd874
No related branches found
No related tags found
No related merge requests found
......@@ -543,8 +543,7 @@ int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry,
__u32 magic, nsmagic;
struct inode *inode = d_backing_inode(dentry);
struct user_namespace *task_ns = current_user_ns(),
*fs_ns = inode->i_sb->s_user_ns,
*ancestor;
*fs_ns = inode->i_sb->s_user_ns;
kuid_t rootid;
size_t newsize;
......@@ -567,15 +566,6 @@ int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry,
if (nsrootid == -1)
return -EINVAL;
/*
* Do not allow allow adding a v3 filesystem capability xattr
* if the rootid field is ambiguous.
*/
for (ancestor = task_ns->parent; ancestor; ancestor = ancestor->parent) {
if (from_kuid(ancestor, rootid) == 0)
return -EINVAL;
}
newsize = sizeof(struct vfs_ns_cap_data);
nscap = kmalloc(newsize, GFP_ATOMIC);
if (!nscap)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment