From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Thu, 5 Nov 2015 04:19:47 +0000 (+1100)
Subject: Merge remote-tracking branch 'userns/for-next'
X-Git-Tag: KARO-TXUL-2015-12-04~42
X-Git-Url: https://git.kernelconcepts.de/?p=karo-tx-linux.git;a=commitdiff_plain;h=65e765ab385fc1ee5568db9a2733afd165b36474;hp=a5a110d43ceaa9b3e04b9944e1f1957a75b30d29

Merge remote-tracking branch 'userns/for-next'
---

diff --git a/fs/namei.c b/fs/namei.c
index e5daa6f65c6e..2b729d253715 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -955,26 +955,23 @@ static bool safe_hardlink_source(struct inode *inode)
  *  - sysctl_protected_hardlinks enabled
  *  - fsuid does not match inode
  *  - hardlink source is unsafe (see safe_hardlink_source() above)
- *  - not CAP_FOWNER
+ *  - not CAP_FOWNER in a namespace with the inode owner uid mapped
  *
  * Returns 0 if successful, -ve on error.
  */
 static int may_linkat(struct path *link)
 {
-	const struct cred *cred;
 	struct inode *inode;
 
 	if (!sysctl_protected_hardlinks)
 		return 0;
 
-	cred = current_cred();
 	inode = link->dentry->d_inode;
 
 	/* Source inode owner (or CAP_FOWNER) can hardlink all they like,
 	 * otherwise, it must be a safe source.
 	 */
-	if (uid_eq(cred->fsuid, inode->i_uid) || safe_hardlink_source(inode) ||
-	    capable(CAP_FOWNER))
+	if (inode_owner_or_capable(inode) || safe_hardlink_source(inode))
 		return 0;
 
 	audit_log_link_denied("linkat", link);