1 From 3b0c2d3eaa83da259d7726192cf55a137769012f Mon Sep 17 00:00:00 2001
2 From: "Eric W. Biederman" <ebiederm@xmission.com>
3 Date: Fri, 12 Mar 2021 15:07:09 -0600
4 Subject: Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
6 From: Eric W. Biederman <ebiederm@xmission.com>
8 commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream.
10 It turns out that there are in fact userspace implementations that
11 care and this recent change caused a regression.
13 https://github.com/containers/buildah/issues/3071
15 As the motivation for the original change was future development,
16 and the impact is on existing real-world code, just revert this change
17 and allow the ambiguity in v3 file caps.
19 Cc: stable@vger.kernel.org
20 Fixes: 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
21 Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
22 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24 security/commoncap.c | 12 +-----------
25 1 file changed, 1 insertion(+), 11 deletions(-)
27 --- a/security/commoncap.c
28 +++ b/security/commoncap.c
29 @@ -500,8 +500,7 @@ int cap_convert_nscap(struct dentry *den
31 struct inode *inode = d_backing_inode(dentry);
32 struct user_namespace *task_ns = current_user_ns(),
33 - *fs_ns = inode->i_sb->s_user_ns,
35 + *fs_ns = inode->i_sb->s_user_ns;
39 @@ -524,15 +523,6 @@ int cap_convert_nscap(struct dentry *den
44 - * Do not allow allow adding a v3 filesystem capability xattr
45 - * if the rootid field is ambiguous.
47 - for (ancestor = task_ns->parent; ancestor; ancestor = ancestor->parent) {
48 - if (from_kuid(ancestor, rootid) == 0)
52 newsize = sizeof(struct vfs_ns_cap_data);
53 nscap = kmalloc(newsize, GFP_ATOMIC);