On Mon, Feb 21, 2022 at 09:22:18PM +0300, Andrey Zhadchenko wrote:
> xfs_fileattr_set() handles idmapped mounts correctly and does not drop these
> bits.
> Unfortunately chown syscall results in different callstack:
> i_op->xfs_vn_setattr()->...->xfs_setattr_nonsize() which checks if process
> has CAP_FSETID capable in init_user_ns rather than mntns userns.
>
> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@xxxxxxxxxxxxx>

LGTM...
Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx>

--D

> --- > fs/xfs/xfs_iops.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c > index 09211e1d08ad..5b1fe635d153 100644 > --- a/fs/xfs/xfs_iops.c > +++ b/fs/xfs/xfs_iops.c > @@ -774,7 +774,7 @@ xfs_setattr_nonsize( > * cleared upon successful return from chown() > */ > if ((inode->i_mode & (S_ISUID|S_ISGID)) && > - !capable(CAP_FSETID)) > + !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID)) > inode->i_mode &= ~(S_ISUID|S_ISGID); > > /* > -- > 2.35.0.rc2 >
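
Review bot: The comment directly above the changed condition in xfs_setattr_nonsize() (the one ending "cleared upon successful return from chown()") is left as it was and does not say that CAP_FSETID is now judged against the inode's owner as seen through mnt_userns; a sentence there would keep the next reader from reverting to a plain capable() call. The added line uses mnt_userns without the hunk showing where it comes from, so please confirm it is the idmapping handed down from xfs_vn_setattr() and not one derived separately. The quoted commit message has no Fixes: tag; since this changes when S_ISUID|S_ISGID are stripped, naming the commit that introduced the init_user_ns check would help backports, and a regression test that chowns a setuid/setgid file through an idmapped mount would pin the behaviour down.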