| Message ID | 1473281383-144843-3-git-send-email-seth.forshee@canonical.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a13fc6809554..007cea65b5ef 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -353,8 +353,9 @@ void ima_inode_post_setattr(struct dentry *dentry) static int ima_protect_xattr(struct dentry *dentry, const char *xattr_name, const void *xattr_value, size_t xattr_value_len) { + struct inode *inode = d_backing_inode(dentry); if (strcmp(xattr_name, XATTR_NAME_IMA) == 0) { - if (!capable(CAP_SYS_ADMIN)) + if (!ns_capable(inode->i_sb->s_user_ns, CAP_SYS_ADMIN)) return -EPERM; return 1; }
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> --- security/integrity/ima/ima_appraise.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)