ecryptfs: fix uid translation for setxattr on security.capability
author Miklos Szeredi <mszeredi@redhat.com>
Tue, 19 Jan 2021 16:22:03 +0000 (17:22 +0100)
committer Tyler Hicks <code@tyhicks.com>
Tue, 26 Jan 2021 01:47:14 +0000 (01:47 +0000)
commit 0b964446c63f9d7d7cd1809ee39277b4f73916b5
tree d16cf9b5d60fe67a5608cfb6fd252901afa2cc35
parent 83d09ad4b950651a95d37697f1493c00d888d0db
ecryptfs: fix uid translation for setxattr on security.capability

Prior to commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into
vfs_setxattr()") the translation of nscap->rootid did not take stacked
filesystems (overlayfs and ecryptfs) into account.

That patch fixed the overlay case, but made the ecryptfs case worse.

Restore the old behavior for ecryptfs that existed before the overlayfs
fix.  This does not fix ecryptfs's handling of complex user namespace
setups, but it does make sure existing setups don't regress.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Tyler Hicks <code@tyhicks.com>
Fixes: 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Tyler Hicks <code@tyhicks.com>
fs/ecryptfs/inode.c