fs: Allow CAP_FOWNER in s_user_ns to create hard links

Privileged users in the namespace which controls a super block should not be prevented from creating hard links. Expand the check in may_linkat() to allow CAP_FOWNER in s_user_ns to set any hardlink. Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

fs: Allow CAP_FOWNER in s_user_ns to create hard links
Privileged users in the namespace which controls a super block should not be prevented from creating hard links. Expand the check in may_linkat() to allow CAP_FOWNER in s_user_ns to set any hardlink. Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
46434eee · Seth Forshee · c9f892ab · 46434eee
Commit 46434eee authored Feb 15, 2015 by Seth Forshee
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

fs/namei.c fs/namei.c +1 -1

No files found.
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -974,7 +974,7 @@ static int may_linkat(struct path *link)
 	 * otherwise, it must be a safe source.
 	 */
 	if (uid_eq(cred->fsuid, inode->i_uid) || safe_hardlink_source(inode) ||
-	    capable(CAP_FOWNER))
+	    ns_capable(inode->i_sb->s_user_ns, CAP_FOWNER))
 		return 0;

 	audit_log_link_denied("linkat", link);