fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems

The user in control of a super block should be allowed to freeze and thaw it. Relax the restrictions on the FIFREEZE and FITHAW ioctls to require CAP_SYS_ADMIN in s_user_ns. Signed-off-by: N Seth Forshee <seth.forshee@canonical.com> Acked-by: N Christian Brauner <christian@brauner.io> Signed-off-by: N Eric W. Biederman <ebiederm@xmission.com>

fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
The user in control of a super block should be allowed to freeze and thaw it. Relax the restrictions on the FIFREEZE and FITHAW ioctls to require CAP_SYS_ADMIN in s_user_ns. Signed-off-by: N Seth Forshee <seth.forshee@canonical.com> Acked-by: N Christian Brauner <christian@brauner.io> Signed-off-by: N Eric W. Biederman <ebiederm@xmission.com>
f3f1a183 · Seth Forshee · Eric W. Biederman · b1d749c5 · f3f1a183
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

fs/ioctl.c fs/ioctl.c +2 -2

未找到文件。
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -549,7 +549,7 @@ static int ioctl_fsfreeze(struct file *filp)
 {
 	struct super_block *sb = file_inode(filp)->i_sb;

-	if (!capable(CAP_SYS_ADMIN))
+	if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
 		return -EPERM;

 	/* If filesystem doesn't support freeze feature, return. */
@@ -566,7 +566,7 @@ static int ioctl_fsthaw(struct file *filp)
 {
 	struct super_block *sb = file_inode(filp)->i_sb;

-	if (!capable(CAP_SYS_ADMIN))
+	if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
 		return -EPERM;

 	/* Thaw */