UBUNTU: SAUCE: ima/evm: Allow root in s_user_ns to set xattrs

Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

UBUNTU: SAUCE: ima/evm: Allow root in s_user_ns to set xattrs
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
5d96fa44 · Seth Forshee · Tim Gardner · 68aac61c · 5d96fa44 · 5d96fa44
Commit 5d96fa44 authored Feb 15, 2015 by Seth Forshee Committed by Tim Gardner Apr 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

security/integrity/evm/evm_main.c security/integrity/evm/evm_main.c +1 -1

security/integrity/ima/ima_appraise.c security/integrity/ima/ima_appraise.c +1 -1

No files found.
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -279,7 +279,7 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
 	enum integrity_status evm_status;
 	if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
-		if (!capable(CAP_SYS_ADMIN))
+		if (!ns_capable(dentry->d_sb->s_user_ns, CAP_SYS_ADMIN))
 			return -EPERM;
 	} else if (!evm_protected_xattr(xattr_name)) {
 		if (!posix_xattr_acl(xattr_name))

--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -345,7 +345,7 @@ static int ima_protect_xattr(struct dentry *dentry, const char *xattr_name,
 			     const void *xattr_value, size_t xattr_value_len)
 {
 	if (strcmp(xattr_name, XATTR_NAME_IMA) == 0) {
-		if (!capable(CAP_SYS_ADMIN))
+		if (!ns_capable(dentry->d_sb->s_user_ns, CAP_SYS_ADMIN))
 			return -EPERM;
 		return 1;
 	}