On Fri, Aug 16, 2024 at 8:33 AM Hongbo Li <lihongbo22@xxxxxxxxxx> wrote:
>
> Since in_group_or_capable has been exported, we can use
> it to simplify the code when check group and capable.
>
> Signed-off-by: Hongbo Li <lihongbo22@xxxxxxxxxx>
> ---
> fs/overlayfs/inode.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
> index 35fd3e3e1778..a0692595a5d6 100644
> --- a/fs/overlayfs/inode.c
> +++ b/fs/overlayfs/inode.c
> @@ -554,8 +554,8 @@ int ovl_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
> * be done with mounter's capabilities and so that won't do it for us).
> */
> if (unlikely(inode->i_mode & S_ISGID) && type == ACL_TYPE_ACCESS &&
> - !in_group_p(inode->i_gid) &&
> - !capable_wrt_inode_uidgid(&nop_mnt_idmap, inode, CAP_FSETID)) {
> + !in_group_or_capable(&nop_mnt_idmap, inode,
> + i_gid_into_vfsgid(&nop_mnt_idmap, inode))) {
> struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
>
> err = ovl_setattr(&nop_mnt_idmap, dentry, &iattr);
I will need Christian to comment on this patch, but it feels to me
like the checks
in ovl should mimic the checks in posix_acl_update_mode(), so it feels odd
to update one without the other.
Thanks,
Amir.
