Revert "capabitlies: ns_capable can use the cap helpers rather than lsm call"
This reverts commit d2a7009f0b
.
J. R. Okajima explains:
"After this commit, I am afraid access(2) on NFS may not work
correctly. The scenario based upon my guess.
- access(2) overrides the credentials.
- calls inode_permission() -- ... -- generic_permission() --
ns_capable().
- while the old ns_capable() calls security_capable(current_cred()),
the new ns_capable() calls has_ns_capability(current) --
security_capable(__task_cred(t)).
current_cred() returns current->cred which is effective (overridden)
credentials, but __task_cred(current) returns current->real_cred (the
NFSD's credential). And the overridden credentials by access(2) lost."
Requested-by: J. R. Okajima <hooanon05@yahoo.co.jp>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
c2bc3a316a
commit
951880e634
|
@ -384,7 +384,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
|
|||
BUG();
|
||||
}
|
||||
|
||||
if (has_ns_capability(current, ns, cap)) {
|
||||
if (security_capable(current_cred(), ns, cap) == 0) {
|
||||
current->flags |= PF_SUPERPRIV;
|
||||
return true;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue