files: try to change fsuid only if linkat() failed

We found that linkat for "unsafe" files doesn't work in userns
if a file uid isn't equal to the currect fsuid. This issue was
fixed by changing fsuid before calling linkat. But in this
case we are not able to createa link if a target directory doesn't
have write premissions.

Starting with the 4.3 kernel, it's possible to create links of
"unsafe files":

f2ca379642d7 ("namei: permit linking with CAP_FOWNER in userns")

So we can try to call linkat() without changing fsuid and make one
more attempt with changing fsuid if the first one failed with EPERM.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

criu/files-reg.c

@@ -1207,9 +1207,14 @@ static int linkat_hard(int odir, char *opath, int ndir, char *npath, uid_t owner
 	int ret, old_fsuid = -1;
 	int errno_save;
 
-	if (root_ns_mask & CLONE_NEWUSER)
+	ret = linkat(odir, opath, ndir, npath, 0);
+	if (ret < 0)
+		pr_perror("Can't link %s -> %s", opath, npath);
+	if (ret == 0 || errno != EPERM || !(root_ns_mask & CLONE_NEWUSER))
+		return ret;
+
 	/*
-		 * Kernel has strange secutiry restrictions about
+	 * Kernel before 4.3 has strange secutiry restrictions about
 	 * linkat. If the fsuid of the caller doesn't equals
 	 * the uid of the file and the file is not "safe"
 	 * one, then only global CAP_CHOWN will be allowed
@@ -1231,7 +1236,6 @@ static int linkat_hard(int odir, char *opath, int ndir, char *npath, uid_t owner
 	if (ret < 0)
 		pr_perror("Can't link %s -> %s", opath, npath);
 
-	if (root_ns_mask & CLONE_NEWUSER) {
 	setfsuid(old_fsuid);
 	if (setfsuid(-1) != old_fsuid) {
 		pr_warn("Failed to restore old fsuid!\n");
@@ -1249,7 +1253,7 @@ static int linkat_hard(int odir, char *opath, int ndir, char *npath, uid_t owner
 	 * check fail when trying to access files in /proc/self/
 	 */
 	prctl(PR_SET_DUMPABLE, 1, 0);
-	}
+
 	errno = errno_save;
 
 	return ret;