Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm...

[karo-tx-linux.git] / fs / open.c

diff --git a/fs/open.c b/fs/open.c
index 5eccdcea2d1b977dde9482cabf8976e54e172bf8..d54301219d04f1c8fed18d6de15ed590a593e2ab 100644 (file)
--- a/fs/open.c
+++ b/fs/open.c
@@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
 
        if (!issecure(SECURE_NO_SETUID_FIXUP)) {
                /* Clear the capabilities if we switch to a non-root user */
-               if (override_cred->uid)
+               kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
+               if (!uid_eq(override_cred->uid, root_uid))
                        cap_clear(override_cred->cap_effective);
                else
                        override_cred->cap_effective =
@@ -505,15 +506,24 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
        struct inode *inode = path->dentry->d_inode;
        int error;
        struct iattr newattrs;
+       kuid_t uid;
+       kgid_t gid;
+
+       uid = make_kuid(current_user_ns(), user);
+       gid = make_kgid(current_user_ns(), group);
 
        newattrs.ia_valid =  ATTR_CTIME;
        if (user != (uid_t) -1) {
+               if (!uid_valid(uid))
+                       return -EINVAL;
                newattrs.ia_valid |= ATTR_UID;
-               newattrs.ia_uid = user;
+               newattrs.ia_uid = uid;
        }
        if (group != (gid_t) -1) {
+               if (!gid_valid(gid))
+                       return -EINVAL;
                newattrs.ia_valid |= ATTR_GID;
-               newattrs.ia_gid = group;
+               newattrs.ia_gid = gid;
        }
        if (!S_ISDIR(inode->i_mode))
                newattrs.ia_valid |=