Commit f3f1a183 authored by Seth Forshee's avatar Seth Forshee Committed by Eric W. Biederman

fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems

The user in control of a super block should be allowed to freeze
and thaw it. Relax the restrictions on the FIFREEZE and FITHAW
ioctls to require CAP_SYS_ADMIN in s_user_ns.
Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarChristian Brauner <christian@brauner.io>
Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
parent b1d749c5
...@@ -549,7 +549,7 @@ static int ioctl_fsfreeze(struct file *filp) ...@@ -549,7 +549,7 @@ static int ioctl_fsfreeze(struct file *filp)
{ {
struct super_block *sb = file_inode(filp)->i_sb; struct super_block *sb = file_inode(filp)->i_sb;
if (!capable(CAP_SYS_ADMIN)) if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
/* If filesystem doesn't support freeze feature, return. */ /* If filesystem doesn't support freeze feature, return. */
...@@ -566,7 +566,7 @@ static int ioctl_fsthaw(struct file *filp) ...@@ -566,7 +566,7 @@ static int ioctl_fsthaw(struct file *filp)
{ {
struct super_block *sb = file_inode(filp)->i_sb; struct super_block *sb = file_inode(filp)->i_sb;
if (!capable(CAP_SYS_ADMIN)) if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
/* Thaw */ /* Thaw */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment