[vpsAdminOS] respect CAP_LINUX_IMMUTABLE in 1st level userns
snajpa committed Jun 1, 2024
1 parent d8f47d9 commit f2c3181
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion fs/ioctl.c
Expand Up @@ -587,13 +587,17 @@ static int fileattr_set_prepare(struct inode *inode,
struct fileattr *fa)
{
int err;
struct user_namespace *ns = current_user_ns();

if ((ns != &init_user_ns) && (ns->parent != &init_user_ns))
ns = &init_user_ns;

/*
* The IMMUTABLE and APPEND_ONLY flags can only be changed by
* the relevant capability.
*/
if ((fa->flags ^ old_ma->flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL) &&
!capable(CAP_LINUX_IMMUTABLE))
!ns_capable(ns, CAP_LINUX_IMMUTABLE))
return -EPERM;

err = fscrypt_prepare_setflags(inode, old_ma->flags, fa->flags);
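Review bot: The new `ns_capable(ns, CAP_LINUX_IMMUTABLE)` check is made against the caller's own user namespace and is not tied to the inode or its filesystem, so a task that is root in any first-level user namespace passes it. If the host allows unprivileged creation of user namespaces, the creator holds a full capability set there, and FS_IMMUTABLE_FL / FS_APPEND_FL stop being an administrator-only control for files that task can otherwise modify; whether some earlier check bounds this is not visible here, since the function starts above the hunk and continues below it. At minimum the assumption should be stated above the `if`, e.g. `/* vpsAdminOS: honour CAP_LINUX_IMMUTABLE held in a 1st-level userns; deeper namespaces are checked against init_user_ns. Assumes only trusted code can create 1st-level user namespaces. */`. The existing comment saying the flags "can only be changed by the relevant capability" should also say in which namespace. Consider additionally requiring that the inode belongs to that namespace (for instance comparing against `inode->i_sb->s_user_ns` or checking that the inode's owner is mapped in `ns`) before accepting the namespaced capability.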