If in_userns returns false mnt_may_suid also returns false, and we will reach second(removed) if-check only in case it does not trigger, so remove it. Signed-off-by: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx> --- security/commoncap.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index ca0c04ae..82f930c 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -445,8 +445,6 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c if (!mnt_may_suid(bprm->file->f_path.mnt)) return 0; - if (!in_userns(current_user_ns(), bprm->file->f_path.mnt->mnt_sb->s_user_ns)) - return 0; dentry = dget(bprm->file->f_dentry); -- 1.9.3 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
