Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn <saly...@android.com>
Cc: Miklos Szeredi <mik...@szeredi.hu>
Cc: Jonathan Corbet <cor...@lwn.net>
Cc: Vivek Goyal <vgo...@redhat.com>
Cc: Eric W. Biederman <ebied...@xmission.com>
Cc: Amir Goldstein <amir7...@gmail.com>
Cc: Randy Dunlap <rdun...@infradead.org>
Cc: Stephen Smalley <s...@tycho.nsa.gov>
Cc: linux-unio...@vger.kernel.org
Cc: linux-...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
v5
- dependency of "overlayfs: override_creds=off option bypass creator_cred"
---
fs/overlayfs/overlayfs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index 7538b9b56237..bf3a80157d42 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -176,7 +176,7 @@ static inline int ovl_do_rename(struct inode *olddir,
struct dentry *olddentry,
static inline int ovl_do_whiteout(struct inode *dir, struct dentry *dentry)
{
- int err = vfs_whiteout(dir, dentry);
+ int err = capable(CAP_MKNOD) ? vfs_whiteout(dir, dentry) : -EPERM;
pr_debug("whiteout(%pd2) = %i\n", dentry, err);
return err;
}
--
2.19.0.rc0.228.g281dcd1b4d0-goog
