diff options
author | Christian Brauner <christian.brauner@ubuntu.com> | 2021-01-21 14:19:40 +0100 |
---|---|---|
committer | Christian Brauner <christian.brauner@ubuntu.com> | 2021-01-24 14:27:19 +0100 |
commit | 0f5d220b42fba0ab17a7353787be3c29bea92e30 (patch) | |
tree | d9a3f294309f610012306ff8d240f75a639bba5a /fs/remap_range.c | |
parent | b816dd5ddeae3252bb4255105b4c641e4c841501 (diff) | |
download | linux-rpi-0f5d220b42fba0ab17a7353787be3c29bea92e30.tar.gz linux-rpi-0f5d220b42fba0ab17a7353787be3c29bea92e30.tar.bz2 linux-rpi-0f5d220b42fba0ab17a7353787be3c29bea92e30.zip |
ioctl: handle idmapped mounts
Enable generic ioctls to handle idmapped mounts by passing down the
mount's user namespace. If the initial user namespace is passed nothing
changes so non-idmapped mounts will see identical behavior as before.
Link: https://lore.kernel.org/r/20210121131959.646623-22-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Diffstat (limited to 'fs/remap_range.c')
-rw-r--r-- | fs/remap_range.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/fs/remap_range.c b/fs/remap_range.c index 29a4a4dbfe12..e4a5fdd7ad7b 100644 --- a/fs/remap_range.c +++ b/fs/remap_range.c @@ -432,13 +432,16 @@ EXPORT_SYMBOL(vfs_clone_file_range); /* Check whether we are allowed to dedupe the destination file */ static bool allow_file_dedupe(struct file *file) { + struct user_namespace *mnt_userns = file_mnt_user_ns(file); + struct inode *inode = file_inode(file); + if (capable(CAP_SYS_ADMIN)) return true; if (file->f_mode & FMODE_WRITE) return true; - if (uid_eq(current_fsuid(), file_inode(file)->i_uid)) + if (uid_eq(current_fsuid(), i_uid_into_mnt(mnt_userns, inode))) return true; - if (!inode_permission(&init_user_ns, file_inode(file), MAY_WRITE)) + if (!inode_permission(mnt_userns, inode, MAY_WRITE)) return true; return false; } |