generic: check CAP_LINUX_IMMUTABLE capability
authorJiufei Xue <jiufei.xue@linux.alibaba.com>
Wed, 8 May 2019 07:10:00 +0000 (15:10 +0800)
committerEryu Guan <guaneryu@gmail.com>
Fri, 10 May 2019 08:30:23 +0000 (16:30 +0800)
commit80bac2129b0619064ac5bda6e1822765fc95cf71
treedb35cd2ca0e88b1e2a2b18f6a430f808c3ea30b2
parent9820d643ea3730dbb2db3c6b9072c5231b71f303
generic: check CAP_LINUX_IMMUTABLE capability

It should return error while changing IMMUTABLE_FL and APPEND_FL if the
process has no capability CAP_LINUX_IMMUTABLE.

However, it's not true on overlayfs after kernel version v4.19 since
the process's subjective cred is overridden with ofs->creator_cred
before calling real vfs_ioctl.

The following patch for ovl fix the problem:
  "ovl: check the capability before cred overridden"

Add this testcase to cover this bug.

Signed-off-by: Jiufei Xue <jiufei.xue@linux.alibaba.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
common/config
tests/generic/545 [new file with mode: 0755]
tests/generic/545.out [new file with mode: 0644]
tests/generic/group