xfs_fileattr_set() handles idmapped mounts correctly and does not drop these bits. Unfortunately, the chown syscall results in a different call stack: i_op->xfs_vn_setattr()->...->xfs_setattr_nonsize(), which checks if the process is CAP_FSETID capable in init_user_ns rather than in the mntns userns.

Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@xxxxxxxxxxxxx>
--- fs/xfs/xfs_iops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 09211e1d08ad..5b1fe635d153 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -774,7 +774,7 @@ xfs_setattr_nonsize( * cleared upon successful return from chown() */ if ((inode->i_mode & (S_ISUID|S_ISGID)) && - !capable(CAP_FSETID)) + !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID)) inode->i_mode &= ~(S_ISUID|S_ISGID); /* -- 2.35.0.rc2
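
Review bot: In the xfs_setattr_nonsize() hunk, replacing `!capable(CAP_FSETID)` with `!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID)` changes more than the idmapped-mount case the commit message describes. capable_wrt_inode_uidgid() evaluates the capability in the caller's user namespace and requires the inode's uid and gid to be mapped there, so a caller holding CAP_FSETID only in a non-initial user namespace would now keep S_ISUID/S_ISGID across chown() on a non-idmapped mount too. Please say so in the commit message if that is intended, and confirm that `mnt_userns` is already in scope at this point in the function, since the visible context does not show it. The comment ending "cleared upon successful return from chown()" should also be updated to state in which namespace the privilege is now evaluated. A Fixes: tag and a regression test covering chown() on an idmapped mount, for both a caller privileged over the inode and one that is not, would make the change easier to verify and backport.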