Please sign in to comment.
Revert "capabitlies: ns_capable can use the cap helpers rather than l…
…sm call" This reverts commit d2a7009. J. R. Okajima explains: "After this commit, I am afraid access(2) on NFS may not work correctly. The scenario based upon my guess. - access(2) overrides the credentials. - calls inode_permission() -- ... -- generic_permission() -- ns_capable(). - while the old ns_capable() calls security_capable(current_cred()), the new ns_capable() calls has_ns_capability(current) -- security_capable(__task_cred(t)). current_cred() returns current->cred which is effective (overridden) credentials, but __task_cred(current) returns current->real_cred (the NFSD's credential). And the overridden credentials by access(2) lost." Requested-by: J. R. Okajima <email@example.com> Acked-by: Eric Paris <firstname.lastname@example.org> Signed-off-by: Linus Torvalds <email@example.com>
- Loading branch information...