mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-04 04:44:37 +08:00
filelocks: use mount idmapping for setlease permission check
commit42d0c4bdf7
upstream. A user should be allowed to take out a lease via an idmapped mount if the fsuid matches the mapped uid of the inode. generic_setlease() is checking the unmapped inode uid, causing these operations to be denied. Fix this by comparing against the mapped inode uid instead of the unmapped uid. Fixes:9caccd4154
("fs: introduce MOUNT_ATTR_IDMAP") Cc: stable@vger.kernel.org Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
513572bb89
commit
48302ee67d
@ -1901,9 +1901,10 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp,
|
|||||||
void **priv)
|
void **priv)
|
||||||
{
|
{
|
||||||
struct inode *inode = locks_inode(filp);
|
struct inode *inode = locks_inode(filp);
|
||||||
|
kuid_t uid = i_uid_into_mnt(file_mnt_user_ns(filp), inode);
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
|
if ((!uid_eq(current_fsuid(), uid)) && !capable(CAP_LEASE))
|
||||||
return -EACCES;
|
return -EACCES;
|
||||||
if (!S_ISREG(inode->i_mode))
|
if (!S_ISREG(inode->i_mode))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
Loading…
Reference in New Issue
Block a user