[Devel] [PATCH RH9 23/33] ve/fs/namei: fix capabilities check in sys_renameat2 () to support Containers

Andrey Zhadchenko andrey.zhadchenko at virtuozzo.com
Thu Sep 23 22:08:26 MSK 2021


From: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>

Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>

Rebased to vz9:
 - ve_capable is moved to vfs_mknod because of ms
commit a3c751a50fe6 ("vfs: allow unprivileged whiteout creation")

(cherry picked from commit vz8 ea5765973b0087b555d608622b4ad6a676395b23)
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 fs/namei.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index bf6d8a7..8eee5ad 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3687,7 +3687,7 @@ int vfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
 		return error;
 
 	if ((S_ISCHR(mode) || S_ISBLK(mode)) && !is_whiteout &&
-	    !capable(CAP_MKNOD))
+	    !ve_capable(CAP_MKNOD))
 		return -EPERM;
 
 	if (!dir->i_op->mknod)
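
Review bot: the replaced check `!capable(CAP_MKNOD)` in vfs_mknod() sits behind `!is_whiteout`, so it is skipped for whiteout creation, yet the subject still names sys_renameat2(). As placed, the change applies to every char/block device node created through vfs_mknod(), so the subject should be retitled around vfs_mknod. The commit message has no body beyond the rebase note. Please add a sentence stating what limits which device nodes a container process can create once `ve_capable(CAP_MKNOD)` passes, because nothing in this hunk restricts the device type or number and ve_capable() is not defined in the visible lines.
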
-- 
1.8.3.1


