fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems

The user in control of a super block should be allowed to freeze
and thaw it. Relax the restrictions on the FIFREEZE and FITHAW
ioctls to require CAP_SYS_ADMIN in s_user_ns.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Christian Brauner <christian@brauner.io>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
This commit is contained in:
Seth Forshee 2015-02-15 14:35:35 -06:00 committed by Eric W. Biederman
parent b1d749c5c3
commit f3f1a18330

View File

@ -549,7 +549,7 @@ static int ioctl_fsfreeze(struct file *filp)
{ {
struct super_block *sb = file_inode(filp)->i_sb; struct super_block *sb = file_inode(filp)->i_sb;
if (!capable(CAP_SYS_ADMIN)) if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
/* If filesystem doesn't support freeze feature, return. */ /* If filesystem doesn't support freeze feature, return. */
@ -566,7 +566,7 @@ static int ioctl_fsthaw(struct file *filp)
{ {
struct super_block *sb = file_inode(filp)->i_sb; struct super_block *sb = file_inode(filp)->i_sb;
if (!capable(CAP_SYS_ADMIN)) if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
/* Thaw */ /* Thaw */