fs: port privilege checking helpers to mnt_idmap

[linux-block.git] / kernel / capability.c

diff --git a/kernel/capability.c b/kernel/capability.c
index 860fd22117c1892f282b4ecaa2cbacd10f447d99..509a9cfb29f2ca09c4ac1cefb6df618eae85d501 100644 (file)
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -486,9 +486,11 @@ EXPORT_SYMBOL(file_ns_capable);
  * Return true if the inode uid and gid are within the namespace.
  */
 bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
-                                struct user_namespace *mnt_userns,
+                                struct mnt_idmap *idmap,
                                 const struct inode *inode)
 {
+       struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
+
        return vfsuid_has_mapping(ns, i_uid_into_vfsuid(mnt_userns, inode)) &&
               vfsgid_has_mapping(ns, i_gid_into_vfsgid(mnt_userns, inode));
 }
@@ -502,13 +504,13 @@ bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
  * its own user namespace and that the given inode's uid and gid are
  * mapped into the current user namespace.
  */
-bool capable_wrt_inode_uidgid(struct user_namespace *mnt_userns,
+bool capable_wrt_inode_uidgid(struct mnt_idmap *idmap,
                              const struct inode *inode, int cap)
 {
        struct user_namespace *ns = current_user_ns();
 
        return ns_capable(ns, cap) &&
-              privileged_wrt_inode_uidgid(ns, mnt_userns, inode);
+              privileged_wrt_inode_uidgid(ns, idmap, inode);
 }
 EXPORT_SYMBOL(capable_wrt_inode_uidgid);