ecryptfs: fix uid translation for setxattr on security.capability (0b964446) · Commits · linux-arm / linux-sh

Commit 0b964446 authored Jan 19, 2021 by Miklos Szeredi Committed by Tyler Hicks Jan 26, 2021

ecryptfs: fix uid translation for setxattr on security.capability



Prior to commit 7c03e2cd ("vfs: move cap_convert_nscap() call into
vfs_setxattr()") the translation of nscap->rootid did not take stacked
filesystems (overlayfs and ecryptfs) into account.

That patch fixed the overlay case, but made the ecryptfs case worse.

Restore old the behavior for ecryptfs that existed before the overlayfs
fix.  This does not fix ecryptfs's handling of complex user namespace
setups, but it does make sure existing setups don't regress.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Tyler Hicks <code@tyhicks.com>
Fixes: 7c03e2cd ("vfs: move cap_convert_nscap() call into vfs_setxattr()")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Tyler Hicks <code@tyhicks.com>

parent 83d09ad4

Hide whitespace changes

Inline Side-by-side

Please register or to comment