STABLE14-linux26-defer-cred-changing-20090511

LICENSE IPL10
FIXES 124737

Newer Linux kernels differentiate between the real and effective
credentials of a process, and prevent a process's credentials from being
change when the effective credentials have been set to a different value.
When AFS notices a keyring PAG exists but no group-based PAG does, the
attempt to rectify this, if done in a VFS call (which changes effective creds)
triggers this issue. We defer the change to the groups to avoid it.

(cherry picked from commit 7d530b9080f6dd4d7f7e4555ed6ce855ff81bcaa)

diff --git a/src/afs/LINUX/osi_cred.c b/src/afs/LINUX/osi_cred.c
index 22f4bb53f4329e2ac172bd6635c9fcaeebf574ab..8642a9fa4aaaa995375a28871b6ca41d984181e8 100644 (file)
--- a/src/afs/LINUX/osi_cred.c
+++ b/src/afs/LINUX/osi_cred.c
@@ -104,6 +104,12 @@ crset(cred_t * cr)
 #if defined(STRUCT_TASK_HAS_CRED)
     struct cred *new_creds;
 
+    /* If our current task doesn't have identical real and effective
+     * credentials, commit_cred won't let us change them, so we just
+     * bail here.
+     */
+    if (current->cred != current->real_cred)
+        return;
     new_creds = prepare_creds();
     new_creds->fsuid = cr->cr_uid;
     new_creds->uid = cr->cr_ruid;