UPSTREAM: fs,userns: Change inode_capable to capable_wrt_inode_uidgid

(cherry picked from commit 23adbe12ef7d3d4195e80800ab36b37bee28cd03)

The kernel has no concept of capabilities with respect to inodes; inodes
exist independently of namespaces.  For example, inode_capable(inode,
CAP_LINUX_IMMUTABLE) would be nonsense.

This patch changes inode_capable to check for uid and gid mappings and
renames it to capable_wrt_inode_uidgid, which should make it more
obvious what it does.

Fixes CVE-2014-4014.

Cc: Theodore Ts'o <>
Cc: Serge Hallyn <>
Cc: "Eric W. Biederman" <>
Cc: Dave Chinner <>
Signed-off-by: Andy Lutomirski <>
Signed-off-by: Linus Torvalds <>
Signed-off-by: Greg Kroah-Hartman <>
Change-Id: I95e50729c93e93cf0f7d934e7ab3f0f7dfa1ebb0
Bug: 31252187
5 files changed