summaryrefslogtreecommitdiff
path: root/fs/open.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2012-02-07 16:45:47 -0800
committerEric W. Biederman <ebiederm@xmission.com>2012-05-03 03:28:40 -0700
commit18815a18085364d8514c0d0c4c986776cb74272c (patch)
treea931fb2eee31aee6f8d83ef4493071b9827b1b9f /fs/open.c
parent9c806aa06f8e121c6058db8e8073798aa5c4355b (diff)
downloadlwn-18815a18085364d8514c0d0c4c986776cb74272c.tar.gz
lwn-18815a18085364d8514c0d0c4c986776cb74272c.zip
userns: Convert capabilities related permsion checks
- Use uid_eq when comparing kuids Use gid_eq when comparing kgids - Use make_kuid(user_ns, 0) to talk about the user_namespace root uid Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/open.c')
-rw-r--r--fs/open.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/open.c b/fs/open.c
index 5720854156db..92335f663545 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
if (!issecure(SECURE_NO_SETUID_FIXUP)) {
/* Clear the capabilities if we switch to a non-root user */
- if (override_cred->uid)
+ kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
+ if (!uid_eq(override_cred->uid, root_uid))
cap_clear(override_cred->cap_effective);
else
override_cred->cap_effective =