From fd5e2aa8653665ae1cc60f7aca1069abdbcad3f6 Mon Sep 17 00:00:00 2001
From: Dwight Engen <dwight.engen@oracle.com>
Date: Thu, 15 Aug 2013 14:08:00 -0400
Subject: xfs: ioctl check for capabilities in the current user namespace

Use inode_capable() to check if SUID|SGID bits should be cleared to match
similar check in inode_change_ok().

The check for CAP_LINUX_IMMUTABLE was not modified since all other file
systems also check against init_user_ns rather than current_user_ns.

Only allow changing of projid from init_user_ns.

Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
---
 kernel/capability.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'kernel/capability.c')

diff --git a/kernel/capability.c b/kernel/capability.c
index f6c2ce5701e1..a4b67446dc87 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -464,3 +464,4 @@ bool inode_capable(const struct inode *inode, int cap)
 
 	return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
 }
+EXPORT_SYMBOL(inode_capable);
-- 
cgit v1.2.3