namei: fix capabilities check in sys_renameat2 () to support Containers

Konstantin Khorenko Fri, 24 Sep 2021 09:50:07 -0700

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at 
https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit 14d96baf22aa71b713ae9830d8bf8445347adc8c
Author: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
Date:   Fri Sep 24 15:48:47 2021 +0300


    ve/fs/namei: fix capabilities check in sys_renameat2 () to support 
Containers
    
    Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
    
    Rebased to vz9:
     - ve_capable is moved to vfs_mknod becase due to ms
    commit a3c751a50fe6 ("vfs: allow unprivileged whiteout creation")
    
    (cherry picked from commit vz8 ea5765973b0087b555d608622b4ad6a676395b23)
    Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
 fs/namei.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index bf6d8a738c59..8eee5ad4ade5 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3687,7 +3687,7 @@ int vfs_mknod(struct user_namespace *mnt_userns, struct 
inode *dir,
                return error;
 
        if ((S_ISCHR(mode) || S_ISBLK(mode)) && !is_whiteout &&
-           !capable(CAP_MKNOD))
+           !ve_capable(CAP_MKNOD))
                return -EPERM;
 
        if (!dir->i_op->mknod)
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH RHEL COMMIT] ve/fs/namei: fix capabilities check in sys_renameat2 () to support Containers

Reply via email to