From: Zhang Tianxing <zhangtianxing3@huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 7fdd1c661de46e5d73583c300f8c35c41a6a7b7c. Signed-off-by: Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> --- security/integrity/ima/ima_fs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index b7959de25a5f..00cd8095d346 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -637,16 +637,12 @@ static const struct file_operations ima_data_upload_ops = { static int ima_open_for_children(struct inode *inode, struct file *file) { struct ima_namespace *ima_ns = get_current_ns(); - struct ima_namespace *ima_ns_for_children = current->nsproxy->ima_ns_for_children; /* Allow to set children configuration only after unshare() */ if (ima_ns == current->nsproxy->ima_ns_for_children) return -EPERM; - if (!ns_capable(ima_ns_for_children->user_ns, CAP_SYS_ADMIN)) - return -EPERM; - - return 0; + return ima_open_simple(inode, file); } static ssize_t ima_write_x509_for_children(struct file *file, -- 2.20.1