summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2013-03-20 12:49:49 -0700
committerEric W. Biederman <ebiederm@xmission.com>2013-08-30 23:44:11 -0700
commitc7b96acf1456ef127fef461fcfedb54b81fecfbb (patch)
tree1cc9387d23e96685453e545bda6d5a5efea8fa63 /fs
parentf54fb863c6bbcbafdfc332b4a4260abb5a002137 (diff)
userns: Kill nsown_capable it makes the wrong thing easy
nsown_capable is a special case of ns_capable essentially for just CAP_SETUID and CAP_SETGID. For the existing users it doesn't noticably simplify things and from the suggested patches I have seen it encourages people to do the wrong thing. So remove nsown_capable. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/namespace.c4
-rw-r--r--fs/open.c2
2 files changed, 3 insertions, 3 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 877e4277f496..dc519a1437ee 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2929,8 +2929,8 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
struct path root;
if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) ||
- !nsown_capable(CAP_SYS_CHROOT) ||
- !nsown_capable(CAP_SYS_ADMIN))
+ !ns_capable(current_user_ns(), CAP_SYS_CHROOT) ||
+ !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
return -EPERM;
if (fs->users != 1)
diff --git a/fs/open.c b/fs/open.c
index 9156cb050d08..1c9d23f7e683 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -443,7 +443,7 @@ retry:
goto dput_and_out;
error = -EPERM;
- if (!nsown_capable(CAP_SYS_CHROOT))
+ if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
goto dput_and_out;
error = security_path_chroot(&path);
if (error)