mirror of
https://github.com/torvalds/linux
synced 2024-10-06 19:34:19 +00:00
fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
The user in control of a super block should be allowed to freeze and thaw it. Relax the restrictions on the FIFREEZE and FITHAW ioctls to require CAP_SYS_ADMIN in s_user_ns. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Christian Brauner <christian@brauner.io> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
This commit is contained in:
parent
b1d749c5c3
commit
f3f1a18330
|
@ -549,7 +549,7 @@ static int ioctl_fsfreeze(struct file *filp)
|
|||
{
|
||||
struct super_block *sb = file_inode(filp)->i_sb;
|
||||
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
/* If filesystem doesn't support freeze feature, return. */
|
||||
|
@ -566,7 +566,7 @@ static int ioctl_fsthaw(struct file *filp)
|
|||
{
|
||||
struct super_block *sb = file_inode(filp)->i_sb;
|
||||
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
/* Thaw */
|
||||
|
|
Loading…
Reference in a new issue