From: Serge E. Hallyn Setting file capabilities previously required the cap_sys_admin capability, since they are stored as extended attributes in the security.* namespace. Introduce CAP_SETFCAP (to mirror CAP_SETPCAP), and require it for setting file capabilities instead of CAP_SYS_ADMIN. Quoting Andrew Morgan, "CAP_SYS_ADMIN is way too overloaded and this functionality is special." Signed-off-by: Serge E. Hallyn Cc: Chris Wright Cc: Andrew Morgan Cc: Casey Schaufler Cc: Stephen Smalley Cc: KaiGai Kohei Cc: James Morris Signed-off-by: Andrew Morton
---
include/linux/capability.h | 4 +++- security/commoncap.c | 12 ++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-)
diff -puN include/linux/capability.h~file-capabilities-introduce-cap_setfcap include/linux/capability.h
--- a/include/linux/capability.h~file-capabilities-introduce-cap_setfcap
+++ a/include/linux/capability.h
@@ -322,7 +322,9 @@ typedef __u32 kernel_cap_t;
 #define CAP_AUDIT_CONTROL 30
 
-#define CAP_NUMCAPS 31
+#define CAP_SETFCAP 31
+
+#define CAP_NUMCAPS 32
 
 #ifdef __KERNEL__
 
 /*
diff -puN security/commoncap.c~file-capabilities-introduce-cap_setfcap security/commoncap.c
--- a/security/commoncap.c~file-capabilities-introduce-cap_setfcap
+++ a/security/commoncap.c
@@ -290,7 +290,11 @@ int cap_bprm_secureexec (struct linux_bi
 int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
 size_t size, int flags)
 {
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
+ if (!strcmp(name, XATTR_NAME_CAPS)) {
+ if (!capable(CAP_SETFCAP))
+ return -EPERM;
+ return 0;
+ } else if (!strncmp(name, XATTR_SECURITY_PREFIX,
 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
 !capable(CAP_SYS_ADMIN))
 return -EPERM;
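Review bot: `#define CAP_SETFCAP 31` is added without a descriptive comment, while the surrounding entries in this header appear to carry one (the hunk ends on an opening `/*`); a one-liner above the define such as `/* Allow setting file capabilities (the security.capability xattr) */` would document what the bit grants. The hunk header also shows `typedef __u32 kernel_cap_t`, so with CAP_NUMCAPS now 32 the last bit of the mask is taken; recording that next to the count — `/* CAP_NUMCAPS must not exceed the bit width of kernel_cap_t */` — would warn whoever adds capability 32. A compile-time check against the type width, placed where the typedef is visible, would be stronger than the comment if the header can use one.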
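Review bot: The new `XATTR_NAME_CAPS` / `CAP_SETFCAP` branch is written out identically in cap_inode_setxattr here and in cap_inode_removexattr in the next hunk, so the two hooks will drift apart the next time the policy changes; a static helper holding the name-based check, called from both, keeps a single definition of who may touch a security.* attribute. The `else` after a block that always returns is also redundant and can be dropped. cap_inode_setxattr's body continues past the end of the hunk (its trailing statements are not visible here), so the helper is used as an early-return guard rather than replacing the whole body.
```c
/* Name-based policy shared by cap_inode_setxattr() and cap_inode_removexattr():
 * security.capability is governed by CAP_SETFCAP, every other security.*
 * attribute by CAP_SYS_ADMIN. Returns 0 when permitted, -EPERM otherwise. */
static int cap_xattr_check(const char *name)
{
	if (!strcmp(name, XATTR_NAME_CAPS))
		return capable(CAP_SETFCAP) ? 0 : -EPERM;
	if (!strncmp(name, XATTR_SECURITY_PREFIX,
		     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
	    !capable(CAP_SYS_ADMIN))
		return -EPERM;
	return 0;
}

int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
		       size_t size, int flags)
{
	int rc = cap_xattr_check(name);

	if (rc)
		return rc;
	/* … unchanged: remainder of cap_inode_setxattr outside the hunk … */
```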
@@ -299,7 +303,11 @@ int cap_inode_setxattr(struct dentry *de
 
 int cap_inode_removexattr(struct dentry *dentry, char *name)
 {
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
+ if (!strcmp(name, XATTR_NAME_CAPS)) {
+ if (!capable(CAP_SETFCAP))
+ return -EPERM;
+ return 0;
+ } else if (!strncmp(name, XATTR_SECURITY_PREFIX,
 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
 !capable(CAP_SYS_ADMIN))
 return -EPERM;
_
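Review bot: Neither hook explains why `security.capability` is split off from the rest of the `security.*` namespace; the rationale lives only in the commit message. A comment above the new check in cap_inode_removexattr (and its twin in cap_inode_setxattr) would carry it into the code: `/* security.capability is controlled by CAP_SETFCAP rather than the far broader CAP_SYS_ADMIN that still covers the other security.* attributes. */`. The check is capability-only — it presumably relies on the VFS having already applied the ordinary inode write permission before this hook runs, which is worth confirming, since otherwise a CAP_SETFCAP holder could alter the attribute on files it cannot otherwise write. cap_inode_removexattr's body continues past the end of the hunk.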