From: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
---
kernel/capability.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/capability.c b/kernel/capability.c
index cc5f071..493d972 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -429,12 +429,14 @@ bool nsown_capable(int cap)
* targeted at it's own user namespace and that the given inode is owned
* by the current user namespace or a child namespace.
*
- * Currently inodes can only be owned by the initial user namespace.
+ * Currently we check to see if an inode is owned by the current
+ * user namespace by seeing if the inode's owner maps into the
+ * current user namespace.
*
*/
bool inode_capable(const struct inode *inode, int cap)
{
struct user_namespace *ns = current_user_ns();
- return ns_capable(ns, cap) && (ns == &init_user_ns);
+ return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
}
--
1.7.2.5
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
