- /* Only valid if client is remote */
- rc = mdt_init_ucred(info, (struct mdt_body *)info->mti_body);
- if (rc)
- GOTO(out_obj, rc = err_serious(rc));
+ if (req_capsule_get_size(info->mti_pill, &RMF_CAPA1, RCL_CLIENT))
+ mdt_set_capainfo(info, 0, &info->mti_body->mbo_fid1,
+ req_capsule_client_get(info->mti_pill, &RMF_CAPA1));
+
+ /* Non-root users are forbidden to set or clear flags which are
+ * NOT defined in HSM_USER_MASK. */
+ if (((hss->hss_setmask | hss->hss_clearmask) & ~HSM_USER_MASK) &&
+ !md_capable(mdt_ucred(info), CFS_CAP_SYS_ADMIN))
+ GOTO(out_unlock, rc = -EPERM);