Merge branch 'linus' into locking/core, to pick up fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>
author: Ingo Molnar <mingo@kernel.org> 2016-11-11 08:25:07 +0100
committer: Ingo Molnar <mingo@kernel.org> 2016-11-11 08:25:07 +0100
commit: 4c8ee71620d734c8ad129fad085167f56f9ce351 (patch)
tree: 87208b0144aa664c96dd8b43bbcaaf1f25af606b /fs/overlayfs/super.c
parent: c7faee2109f978f3ef826c48b7e60609061fda4f (diff)
parent: 27bcd37e0240bbe33f0efe244b5aad52104115b3 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index bcf3965be819..edd46a0e951d 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1037,6 +1037,21 @@ ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
 
 	posix_acl_release(acl);
 
+	/*
+	 * Check if sgid bit needs to be cleared (actual setacl operation will
+	 * be done with mounter's capabilities and so that won't do it for us).
+	 */
+	if (unlikely(inode->i_mode & S_ISGID) &&
+	    handler->flags == ACL_TYPE_ACCESS &&
+	    !in_group_p(inode->i_gid) &&
+	    !capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
+		struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
+
+		err = ovl_setattr(dentry, &iattr);
+		if (err)
+			return err;
+	}
+
 	err = ovl_xattr_set(dentry, handler->name, value, size, flags);
 	if (!err)
 		ovl_copyattr(ovl_inode_real(inode, NULL), inode);
author	Ingo Molnar <mingo@kernel.org>	2016-11-11 08:25:07 +0100
committer	Ingo Molnar <mingo@kernel.org>	2016-11-11 08:25:07 +0100
commit	4c8ee71620d734c8ad129fad085167f56f9ce351 (patch)
tree	87208b0144aa664c96dd8b43bbcaaf1f25af606b /fs/overlayfs/super.c
parent	c7faee2109f978f3ef826c48b7e60609061fda4f (diff)
parent	27bcd37e0240bbe33f0efe244b5aad52104115b3 (diff)