@@ -432,13 +432,16 @@ EXPORT_SYMBOL(vfs_clone_file_range);
/* Check whether we are allowed to dedupe the destination file */
static bool allow_file_dedupe(struct file *file)
{
+ struct user_namespace *user_ns = mnt_user_ns(file->f_path.mnt);
+ struct inode *inode = file_inode(file);
+
if (capable(CAP_SYS_ADMIN))
return true;
if (file->f_mode & FMODE_WRITE)
return true;
- if (uid_eq(current_fsuid(), file_inode(file)->i_uid))
+ if (uid_eq(current_fsuid(), i_uid_into_mnt(user_ns, inode)))
return true;
- if (!inode_permission(&init_user_ns, file_inode(file), MAY_WRITE))
+ if (!inode_permission(user_ns, inode, MAY_WRITE))
return true;
return false;
}
@@ -369,7 +369,7 @@ int fsverity_ioctl_enable(struct file *filp, const void __user *uarg)
* has verity enabled, and to stabilize the data being hashed.
*/
- err = inode_permission(&init_user_ns, inode, MAY_WRITE);
+ err = inode_permission(mnt_user_ns(filp->f_path.mnt), inode, MAY_WRITE);
if (err)
return err;
Enable generic ioctls to handle idmapped mounts by passing down the mount's user namespace. If the initial user namespace is passed nothing changes so non-idmapped mounts will see identical behavior as before. Cc: Christoph Hellwig <hch@lst.de> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- /* v2 */ patch introduced /* v3 */ unchanged --- fs/remap_range.c | 7 +++++-- fs/verity/enable.c | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-)