summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@redhat.com>2020-12-14 15:26:13 +0100
committerMiklos Szeredi <mszeredi@redhat.com>2020-12-14 15:26:13 +0100
commit7c03e2cda4a584cadc398e8f6641ca9988a39d52 (patch)
treefb00450cfbec40734c00495f1715fdf4d8b2d873 /security
parentc11faf32599fee59f33896c8d59f9b3c17ca76fc (diff)
vfs: move cap_convert_nscap() call into vfs_setxattr()
cap_convert_nscap() does permission checking as well as conversion of the xattr value conditionally based on fs's user-ns. This is needed by overlayfs and probably other layered fs (ecryptfs) and is what vfs_foo() is supposed to do anyway. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Acked-by: James Morris <jamorris@linux.microsoft.com>
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 59bf3c1674c8..bacc1111d871 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -473,7 +473,7 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap)
*
* If all is ok, we return the new size, on error return < 0.
*/
-int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
+int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size)
{
struct vfs_ns_cap_data *nscap;
uid_t nsrootid;
@@ -516,7 +516,6 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
nscap->magic_etc = cpu_to_le32(nsmagic);
memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
- kvfree(*ivalue);
*ivalue = nscap;
return newsize;
}