kernel-magellan/patches-3.8/0109-3.8.10-all-fixes.patch

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 98503b7..d9a4f7f4 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
 #define _KERNEL_CAP_T_SIZE     (sizeof(kernel_cap_t))
 
 
+struct file;
 struct inode;
 struct dentry;
 struct user_namespace;
@@ -211,6 +212,7 @@ extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
 extern bool nsown_capable(int cap);
 extern bool inode_capable(const struct inode *inode, int cap);
+extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
 
 /* audit system wants to get cap info from files as well */
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
diff --git a/kernel/capability.c b/kernel/capability.c
index 493d972..f6c2ce5 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
 EXPORT_SYMBOL(ns_capable);
 
 /**
+ * file_ns_capable - Determine if the file's opener had a capability in effect
+ * @file:  The file we want to check
+ * @ns:  The usernamespace we want the capability in
+ * @cap: The capability to be tested for
+ *
+ * Return true if task that opened the file had a capability in effect
+ * when the file was opened.
+ *
+ * This does not set PF_SUPERPRIV because the caller may not
+ * actually be privileged.
+ */
+bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
+{
+	if (WARN_ON_ONCE(!cap_valid(cap)))
+		return false;
+
+	if (security_capable(file->f_cred, ns, cap) == 0)
+		return true;
+
+	return false;
+}
+EXPORT_SYMBOL(file_ns_capable);
+
+/**
  * capable - Determine if the current task has a superior capability in effect
  * @cap: The capability to be tested for
  *
1	diff --git a/include/linux/capability.h b/include/linux/capability.h
2	index 98503b7..d9a4f7f4 100644
3	--- a/include/linux/capability.h
4	+++ b/include/linux/capability.h
5	@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
6	#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
7
8
9	+struct file;
10	struct inode;
11	struct dentry;
12	struct user_namespace;
13	@@ -211,6 +212,7 @@ extern bool capable(int cap);
14	extern bool ns_capable(struct user_namespace *ns, int cap);
15	extern bool nsown_capable(int cap);
16	extern bool inode_capable(const struct inode *inode, int cap);
17	+extern bool file_ns_capable(const struct file file, struct user_namespace ns, int cap);
18
19	/* audit system wants to get cap info from files as well */
20	extern int get_vfs_caps_from_disk(const struct dentry dentry, struct cpu_vfs_cap_data cpu_caps);
21	diff --git a/kernel/capability.c b/kernel/capability.c
22	index 493d972..f6c2ce5 100644
23	--- a/kernel/capability.c
24	+++ b/kernel/capability.c
25	@@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
26	EXPORT_SYMBOL(ns_capable);
27
28	/**
29	+ * file_ns_capable - Determine if the file's opener had a capability in effect
30	+ * @file: The file we want to check
31	+ * @ns: The usernamespace we want the capability in
32	+ * @cap: The capability to be tested for
33	+ *
34	+ * Return true if task that opened the file had a capability in effect
35	+ * when the file was opened.
36	+ *
37	+ * This does not set PF_SUPERPRIV because the caller may not
38	+ * actually be privileged.
39	+ */
40	+bool file_ns_capable(const struct file file, struct user_namespace ns, int cap)
41	+{
42	+ if (WARN_ON_ONCE(!cap_valid(cap)))
43	+ return false;
44	+
45	+ if (security_capable(file->f_cred, ns, cap) == 0)
46	+ return true;
47	+
48	+ return false;
49	+}
50	+EXPORT_SYMBOL(file_ns_capable);
51	+
52	+/**
53	* capable - Determine if the current task has a superior capability in effect
54	* @cap: The capability to be tested for
55	*