userns: Kill nsown_capable it makes the wrong thing easy nsown_capable is a special case of ns_capable essentially for just CAP_SETUID and CAP_SETGID. For the existing users it doesn't noticably simplify things and from the suggested patches I have seen it encourages people to do the wrong thing. So remove nsown_capable. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

commit: c7b96acf1456ef127fef461fcfedb54b81fecfbb [log] [tgz]
author: Eric W. Biederman <ebiederm@xmission.com> Wed Mar 20 12:49:49 2013 -0700
committer: Eric W. Biederman <ebiederm@xmission.com> Fri Aug 30 23:44:11 2013 -0700
tree: 1cc9387d23e96685453e545bda6d5a5efea8fa63
parent: f54fb863c6bbcbafdfc332b4a4260abb5a002137 [diff] [blame]
diff --git a/fs/open.c b/fs/open.c
index 9156cb0..1c9d23f 100644
--- a/fs/open.c
+++ b/fs/open.c

@@ -443,7 +443,7 @@
 		goto dput_and_out;
 
 	error = -EPERM;
-	if (!nsown_capable(CAP_SYS_CHROOT))
+	if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
 		goto dput_and_out;
 	error = security_path_chroot(&path);
 	if (error)
commit	c7b96acf1456ef127fef461fcfedb54b81fecfbb	[log] [tgz]
author	Eric W. Biederman <ebiederm@xmission.com>	Wed Mar 20 12:49:49 2013 -0700
committer	Eric W. Biederman <ebiederm@xmission.com>	Fri Aug 30 23:44:11 2013 -0700
tree	1cc9387d23e96685453e545bda6d5a5efea8fa63
parent	f54fb863c6bbcbafdfc332b4a4260abb5a002137 [diff] [blame]