userns: rename is_owner_or_cap to inode_owner_or_capable
And give it a kernel-doc comment. [akpm@linux-foundation.org: btrfs changed in linux-next] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
e795b71799
commit
2e14967075
@ -323,7 +323,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,
|
||||
|
||||
if (S_ISLNK(inode->i_mode))
|
||||
return -EOPNOTSUPP;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
if (value) {
|
||||
/* update the cached acl value */
|
||||
|
@ -59,7 +59,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
|
||||
|
||||
/* Make sure a caller can chmod. */
|
||||
if (ia_valid & ATTR_MODE) {
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
/* Also check the setgid bit! */
|
||||
if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
|
||||
@ -69,7 +69,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
|
||||
|
||||
/* Check for setting the inode time. */
|
||||
if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) {
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
|
@ -170,7 +170,7 @@ static int btrfs_xattr_acl_set(struct dentry *dentry, const char *name,
|
||||
int ret;
|
||||
struct posix_acl *acl = NULL;
|
||||
|
||||
if (!is_owner_or_cap(dentry->d_inode))
|
||||
if (!inode_owner_or_capable(dentry->d_inode))
|
||||
return -EPERM;
|
||||
|
||||
if (!IS_POSIXACL(dentry->d_inode))
|
||||
|
@ -158,7 +158,7 @@ static int btrfs_ioctl_setflags(struct file *file, void __user *arg)
|
||||
FS_SYNC_FL | FS_DIRSYNC_FL))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
mutex_lock(&inode->i_mutex);
|
||||
@ -1077,7 +1077,7 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file,
|
||||
if (flags & ~BTRFS_SUBVOL_RDONLY)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
down_write(&root->fs_info->subvol_sem);
|
||||
|
@ -406,7 +406,7 @@ ext2_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
|
||||
return -EINVAL;
|
||||
if (!test_opt(dentry->d_sb, POSIX_ACL))
|
||||
return -EOPNOTSUPP;
|
||||
if (!is_owner_or_cap(dentry->d_inode))
|
||||
if (!inode_owner_or_capable(dentry->d_inode))
|
||||
return -EPERM;
|
||||
|
||||
if (value) {
|
||||
|
@ -39,7 +39,7 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
if (!inode_owner_or_capable(inode)) {
|
||||
ret = -EACCES;
|
||||
goto setflags_out;
|
||||
}
|
||||
@ -89,7 +89,7 @@ setflags_out:
|
||||
case EXT2_IOC_GETVERSION:
|
||||
return put_user(inode->i_generation, (int __user *) arg);
|
||||
case EXT2_IOC_SETVERSION:
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
ret = mnt_want_write(filp->f_path.mnt);
|
||||
if (ret)
|
||||
@ -115,7 +115,7 @@ setflags_out:
|
||||
if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
|
||||
return -ENOTTY;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(rsv_window_size, (int __user *)arg))
|
||||
|
@ -435,7 +435,7 @@ ext3_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
|
||||
return -EINVAL;
|
||||
if (!test_opt(inode->i_sb, POSIX_ACL))
|
||||
return -EOPNOTSUPP;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
if (value) {
|
||||
|
@ -38,7 +38,7 @@ long ext3_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
unsigned int oldflags;
|
||||
unsigned int jflag;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
@ -123,7 +123,7 @@ flags_out:
|
||||
__u32 generation;
|
||||
int err;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
@ -192,7 +192,7 @@ setversion_out:
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
if (!inode_owner_or_capable(inode)) {
|
||||
err = -EACCES;
|
||||
goto setrsvsz_out;
|
||||
}
|
||||
|
@ -433,7 +433,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
|
||||
return -EINVAL;
|
||||
if (!test_opt(inode->i_sb, POSIX_ACL))
|
||||
return -EOPNOTSUPP;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
if (value) {
|
||||
|
@ -38,7 +38,7 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
unsigned int oldflags;
|
||||
unsigned int jflag;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
@ -146,7 +146,7 @@ flags_out:
|
||||
__u32 generation;
|
||||
int err;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
@ -298,7 +298,7 @@ mext_out:
|
||||
case EXT4_IOC_MIGRATE:
|
||||
{
|
||||
int err;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
@ -320,7 +320,7 @@ mext_out:
|
||||
case EXT4_IOC_ALLOC_DA_BLKS:
|
||||
{
|
||||
int err;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
|
@ -159,7 +159,7 @@ static int setfl(int fd, struct file * filp, unsigned long arg)
|
||||
|
||||
/* O_NOATIME can only be set by the owner or superuser */
|
||||
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
/* required for strict SunOS emulation */
|
||||
|
@ -74,7 +74,7 @@ generic_acl_set(struct dentry *dentry, const char *name, const void *value,
|
||||
return -EINVAL;
|
||||
if (S_ISLNK(inode->i_mode))
|
||||
return -EOPNOTSUPP;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
if (value) {
|
||||
acl = posix_acl_from_xattr(value, size);
|
||||
|
@ -221,7 +221,7 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
|
||||
goto out_drop_write;
|
||||
|
||||
error = -EACCES;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
goto out;
|
||||
|
||||
error = 0;
|
||||
|
@ -47,7 +47,7 @@ static int hfsplus_ioctl_setflags(struct file *file, int __user *user_flags)
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
if (!inode_owner_or_capable(inode)) {
|
||||
err = -EACCES;
|
||||
goto out_drop_write;
|
||||
}
|
||||
|
13
fs/inode.c
13
fs/inode.c
@ -1735,11 +1735,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir,
|
||||
}
|
||||
EXPORT_SYMBOL(inode_init_owner);
|
||||
|
||||
/*
|
||||
* return true if current either has CAP_FOWNER to the
|
||||
* file, or owns the file.
|
||||
/**
|
||||
* inode_owner_or_capable - check current task permissions to inode
|
||||
* @inode: inode being checked
|
||||
*
|
||||
* Return true if current either has CAP_FOWNER to the inode, or
|
||||
* owns the file.
|
||||
*/
|
||||
bool is_owner_or_cap(const struct inode *inode)
|
||||
bool inode_owner_or_capable(const struct inode *inode)
|
||||
{
|
||||
struct user_namespace *ns = inode_userns(inode);
|
||||
|
||||
@ -1749,4 +1752,4 @@ bool is_owner_or_cap(const struct inode *inode)
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
EXPORT_SYMBOL(is_owner_or_cap);
|
||||
EXPORT_SYMBOL(inode_owner_or_capable);
|
||||
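Review bot: The new kernel-doc on inode_owner_or_capable() says current "has CAP_FOWNER to the inode" but never says which user namespace the capability is evaluated in, and that is the detail someone auditing one of these permission checks needs. The first body line visible in this section is `struct user_namespace *ns = inode_userns(inode);`, so the comment could gain a line such as ` * The capability is checked in the user namespace of @inode (see inode_userns()).` The statements between that assignment and `return true;` fall outside the hunks shown, so how ownership is compared (presumably against the caller's fsuid) should be confirmed there before it is written into the comment. It would also help to note in the doc that callers choose their own errno on failure, since the call sites in this commit return -EPERM in some places and -EACCES in others.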
|
@ -402,7 +402,7 @@ static int jffs2_acl_setxattr(struct dentry *dentry, const char *name,
|
||||
|
||||
if (name[0] != '\0')
|
||||
return -EINVAL;
|
||||
if (!is_owner_or_cap(dentry->d_inode))
|
||||
if (!inode_owner_or_capable(dentry->d_inode))
|
||||
return -EPERM;
|
||||
|
||||
if (value) {
|
||||
|
@ -72,7 +72,7 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
if (!inode_owner_or_capable(inode)) {
|
||||
err = -EACCES;
|
||||
goto setflags_out;
|
||||
}
|
||||
|
@ -678,7 +678,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
|
||||
struct posix_acl *acl;
|
||||
int rc;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
|
@ -196,7 +196,7 @@ long logfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
err = get_user(flags, (int __user *)arg);
|
||||
|
@ -2036,7 +2036,7 @@ static int may_open(struct path *path, int acc_mode, int flag)
|
||||
}
|
||||
|
||||
/* O_NOATIME can only be set by the owner or superuser */
|
||||
if (flag & O_NOATIME && !is_owner_or_cap(inode))
|
||||
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
|
@ -113,7 +113,7 @@ static int nilfs_ioctl_setflags(struct inode *inode, struct file *filp,
|
||||
unsigned int flags, oldflags;
|
||||
int ret;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(flags, (int __user *)argp))
|
||||
|
@ -497,7 +497,7 @@ static int ocfs2_xattr_set_acl(struct dentry *dentry, const char *name,
|
||||
if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
if (value) {
|
||||
|
@ -82,7 +82,7 @@ static int ocfs2_set_inode_attr(struct inode *inode, unsigned flags,
|
||||
}
|
||||
|
||||
status = -EACCES;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
goto bail_unlock;
|
||||
|
||||
if (!S_ISDIR(inode->i_mode))
|
||||
|
@ -59,7 +59,7 @@ long reiserfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
if (err)
|
||||
break;
|
||||
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
if (!inode_owner_or_capable(inode)) {
|
||||
err = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
@ -103,7 +103,7 @@ setflags_out:
|
||||
err = put_user(inode->i_generation, (int __user *)arg);
|
||||
break;
|
||||
case REISERFS_IOC_SETVERSION:
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
if (!inode_owner_or_capable(inode)) {
|
||||
err = -EPERM;
|
||||
break;
|
||||
}
|
||||
|
@ -26,7 +26,7 @@ posix_acl_set(struct dentry *dentry, const char *name, const void *value,
|
||||
size_t jcreate_blocks;
|
||||
if (!reiserfs_posixacl(inode->i_sb))
|
||||
return -EOPNOTSUPP;
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
if (value) {
|
||||
|
@ -160,7 +160,7 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
|
@ -95,7 +95,7 @@ static int utimes_common(struct path *path, struct timespec *times)
|
||||
if (IS_IMMUTABLE(inode))
|
||||
goto mnt_drop_write_and_out;
|
||||
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
if (!inode_owner_or_capable(inode)) {
|
||||
error = inode_permission(inode, MAY_WRITE);
|
||||
if (error)
|
||||
goto mnt_drop_write_and_out;
|
||||
|
@ -59,7 +59,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
|
||||
if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
|
||||
return -EPERM;
|
||||
if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
|
||||
(mask & MAY_WRITE) && !is_owner_or_cap(inode))
|
||||
(mask & MAY_WRITE) && !inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
|
@ -1463,7 +1463,7 @@ enum {
|
||||
*/
|
||||
extern struct user_namespace init_user_ns;
|
||||
#define inode_userns(inode) (&init_user_ns)
|
||||
extern bool is_owner_or_cap(const struct inode *inode);
|
||||
extern bool inode_owner_or_capable(const struct inode *inode);
|
||||
|
||||
/* not quite ready to be deprecated, but... */
|
||||
extern void lock_super(struct super_block *);
|
||||
|
@ -2725,7 +2725,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
|
||||
if (!(sbsec->flags & SE_SBLABELSUPP))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
if (!inode_owner_or_capable(inode))
|
||||
return -EPERM;
|
||||
|
||||
COMMON_AUDIT_DATA_INIT(&ad, FS);
|
||||
|