apply changes from mainline to grsecurity nolog functions.
if (capable_wrt_inode_uidgid(inode,
CAP_DAC_READ_SEARCH))
return 0;
- if (inode_capable(inode, CAP_DAC_OVERRIDE))
+ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
return 0;
return -EACCES;
}
*/
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
if (mask == MAY_READ)
- if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) ||
- inode_capable(inode, CAP_DAC_READ_SEARCH))
+ if (capable_wrt_inode_uidgid_nolog(inode, CAP_DAC_OVERRIDE) ||
+ capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
return 0;
/*
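Review bot: The `mask == MAY_READ` test pairs `capable_wrt_inode_uidgid_nolog()` for CAP_DAC_OVERRIDE with the logging `capable_wrt_inode_uidgid()` for CAP_DAC_READ_SEARCH, and nothing in the hunk explains the asymmetry. Because of the `||` short-circuit, the CAP_DAC_READ_SEARCH check only runs when the CAP_DAC_OVERRIDE probe fails, so which capability ends up in the log depends on this ordering. Judging by the names, the intent is to avoid recording a CAP_DAC_OVERRIDE use on a plain read, but that is inferred and should be stated in the code. I would add a comment above the condition, for example `/* probe CAP_DAC_OVERRIDE without logging; only CAP_DAC_READ_SEARCH is reported for read-only access */`, so that a future merge from mainline does not quietly replace the `_nolog` call with the logging one. The enclosing function begins and ends outside this hunk.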
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
extern bool capable_nolog(int cap);
extern bool ns_capable_nolog(struct user_namespace *ns, int cap);
-extern bool inode_capable_nolog(const struct inode *inode, int cap);
+extern bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap);
/* audit system wants to get cap info from files as well */
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
kgid_has_mapping(ns, inode->i_gid);
}
-bool inode_capable_nolog(const struct inode *inode, int cap)
+bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap)
{
struct user_namespace *ns = current_user_ns();
- return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
+ kgid_has_mapping(ns, inode->i_gid);
}
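Review bot: `capable_wrt_inode_uidgid_nolog()` has no comment, and its uid/gid mapping test is a hand-written copy of the expression that ends the function just above it in this hunk. The removed line shows the copy had been missing the `kgid_has_mapping(ns, inode->i_gid)` term, so the two variants have already drifted apart once. Above the definition I would add `/* Same check as capable_wrt_inode_uidgid() but via ns_capable_nolog(): both i_uid and i_gid must be mapped in the caller's user namespace. */`. The preceding function starts outside the hunk, so it is only inferred to be `capable_wrt_inode_uidgid()`. A small static helper holding the `kuid_has_mapping(...) && kgid_has_mapping(...)` test, called from both variants, would keep the mapping requirement in one place.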