Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f3f1a183 authored Feb 15, 2015 by Seth Forshee Committed by Eric W. Biederman May 24, 2018

fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems



The user in control of a super block should be allowed to freeze
and thaw it. Relax the restrictions on the FIFREEZE and FITHAW
ioctls to require CAP_SYS_ADMIN in s_user_ns.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Christian Brauner <christian@brauner.io>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

parent b1d749c5

fs/ioctl.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -549,7 +549,7 @@ static int ioctl_fsfreeze(struct file *filp)
		{
		struct super_block *sb = file_inode(filp)->i_sb;

		if (!capable(CAP_SYS_ADMIN))
		if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
		return -EPERM;

		/* If filesystem doesn't support freeze feature, return. */
		@@ -566,7 +566,7 @@ static int ioctl_fsthaw(struct file *filp)
		{
		struct super_block *sb = file_inode(filp)->i_sb;

		if (!capable(CAP_SYS_ADMIN))
		if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
		return -EPERM;

		/* Thaw */