From: Björn Jacke <bj@sernet.de>
Date: Fri, 17 Jun 2022 05:25:08 +0000 (+0200)
Subject: vfs_acl_common.c: prefer capabilities over become_root
X-Git-Tag: talloc-2.4.2~648
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=12734848dc9901b932644139aaa7e3f78e55c8dc;p=thirdparty%2Fsamba.git

vfs_acl_common.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
---

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index daad612e565..692e776d10c 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -761,9 +761,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
 
 	/* Ok, we failed to chown and we have
 	   SEC_STD_WRITE_OWNER access - override. */
-	become_root();
+	set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
-	unbecome_root();
+	drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 
 	return status;
 }
@@ -1069,7 +1069,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
 		goto out;
 	}
 
-	become_root();
+	set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	if (is_directory) {
 		ret = SMB_VFS_NEXT_UNLINKAT(handle,
 				dirfsp,
@@ -1081,7 +1081,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
 				smb_fname,
 				0);
 	}
-	unbecome_root();
+	drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 
 	if (ret == -1) {
 		saved_errno = errno;