diff options
author | Miklos Szeredi <mszeredi@redhat.com> | 2020-12-14 15:26:13 +0100 |
---|---|---|
committer | Miklos Szeredi <mszeredi@redhat.com> | 2020-12-14 15:26:13 +0100 |
commit | 7c03e2cda4a584cadc398e8f6641ca9988a39d52 (patch) | |
tree | fb00450cfbec40734c00495f1715fdf4d8b2d873 /security | |
parent | c11faf32599fee59f33896c8d59f9b3c17ca76fc (diff) | |
download | lwn-7c03e2cda4a584cadc398e8f6641ca9988a39d52.tar.gz lwn-7c03e2cda4a584cadc398e8f6641ca9988a39d52.zip |
vfs: move cap_convert_nscap() call into vfs_setxattr()
cap_convert_nscap() does permission checking as well as conversion of the
xattr value conditionally based on fs's user-ns.
This is needed by overlayfs and probably other layered fs (ecryptfs) and is
what vfs_foo() is supposed to do anyway.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 59bf3c1674c8..bacc1111d871 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -473,7 +473,7 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap) * * If all is ok, we return the new size, on error return < 0. */ -int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) +int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size) { struct vfs_ns_cap_data *nscap; uid_t nsrootid; @@ -516,7 +516,6 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) nscap->magic_etc = cpu_to_le32(nsmagic); memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); - kvfree(*ivalue); *ivalue = nscap; return newsize; } |