@@ -24,6 +24,7 @@
#include <linux/user_namespace.h>
#include <linux/binfmts.h>
#include <linux/personality.h>
+#include <linux/fsuidgid.h>
/*
* If a non-root user executes a setuid-root binary in
@@ -1061,7 +1062,7 @@ int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
* if not, we might be a bit too harsh here.
*/
if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- kuid_t root_uid = make_kuid(old->user_ns, 0);
+ kuid_t root_uid = make_kfsuid(old->user_ns, 0);
if (uid_eq(old->fsuid, root_uid) && !uid_eq(new->fsuid, root_uid))
new->cap_effective =
cap_drop_fs_set(new->cap_effective);
Switch cap_task_fix_setuid() to lookup fsids in the fsid mappings. If no fsid mappings are setup the behavior is unchanged, i.e. fsids are looked up in the id mappings. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- /* v2 */ unchanged --- security/commoncap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)