summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fs/inode.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/fs/inode.go')
-rw-r--r--pkg/sentry/fs/inode.go5
1 files changed, 1 insertions, 4 deletions
diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go
index 95769ccf8..38b140bd2 100644
--- a/pkg/sentry/fs/inode.go
+++ b/pkg/sentry/fs/inode.go
@@ -439,10 +439,7 @@ func (i *Inode) CheckOwnership(ctx context.Context) bool {
// CheckCapability checks whether `ctx` has capability `cp` with respect to
// operations on this Inode.
//
-// Compare Linux's kernel/capability.c:capable_wrt_inode_uidgid(). Note that
-// this function didn't exist in Linux 3.11.10, but was added by upstream
-// 23adbe12ef7d "fs,userns: Change inode_capable to capable_wrt_inode_uidgid"
-// to fix local privilege escalation CVE-2014-4014.
+// Compare Linux's kernel/capability.c:capable_wrt_inode_uidgid().
func (i *Inode) CheckCapability(ctx context.Context, cp linux.Capability) bool {
uattr, err := i.UnstableAttr(ctx)
if err != nil {
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-08 12:51:35 +0000