From: Zhang Tianxing zhangtianxing3@huawei.com
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA
--------------------------------
This reverts commit 7fdd1c661de46e5d73583c300f8c35c41a6a7b7c.
Signed-off-by: Zhang Tianxing zhangtianxing3@huawei.com Acked-by: Xie XiuQi xiexiuqi@huawei.com Acked-by: Xiu Jianfengxiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- security/integrity/ima/ima_fs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index b7959de25a5f..00cd8095d346 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -637,16 +637,12 @@ static const struct file_operations ima_data_upload_ops = { static int ima_open_for_children(struct inode *inode, struct file *file) { struct ima_namespace *ima_ns = get_current_ns(); - struct ima_namespace *ima_ns_for_children = current->nsproxy->ima_ns_for_children;
/* Allow to set children configuration only after unshare() */ if (ima_ns == current->nsproxy->ima_ns_for_children) return -EPERM;
- if (!ns_capable(ima_ns_for_children->user_ns, CAP_SYS_ADMIN)) - return -EPERM; - - return 0; + return ima_open_simple(inode, file); }
static ssize_t ima_write_x509_for_children(struct file *file,