usb: misc: legousbtower: don't print on ENOMEM

[cascardo/linux.git] / security / commoncap.c

diff --git a/security/commoncap.c b/security/commoncap.c
index e7fadde..14540bd 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -453,7 +453,15 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
        if (!file_caps_enabled)
                return 0;
 
-       if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
+       if (!mnt_may_suid(bprm->file->f_path.mnt))
+               return 0;
+
+       /*
+        * This check is redundant with mnt_may_suid() but is kept to make
+        * explicit that capability bits are limited to s_user_ns and its
+        * descendants.
+        */
+       if (!current_in_userns(bprm->file->f_path.mnt->mnt_sb->s_user_ns))
                return 0;
 
        rc = get_vfs_caps_from_disk(bprm->file->f_path.dentry, &vcaps);