diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-02-07 16:45:47 -0800 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-03 03:28:40 -0700 |
commit | 18815a18085364d8514c0d0c4c986776cb74272c (patch) | |
tree | a931fb2eee31aee6f8d83ef4493071b9827b1b9f /fs/open.c | |
parent | 9c806aa06f8e121c6058db8e8073798aa5c4355b (diff) | |
download | lwn-18815a18085364d8514c0d0c4c986776cb74272c.tar.gz lwn-18815a18085364d8514c0d0c4c986776cb74272c.zip |
userns: Convert capabilities related permsion checks
- Use uid_eq when comparing kuids
Use gid_eq when comparing kgids
- Use make_kuid(user_ns, 0) to talk about the user_namespace root uid
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/open.c')
-rw-r--r-- | fs/open.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/open.c b/fs/open.c index 5720854156db..92335f663545 100644 --- a/fs/open.c +++ b/fs/open.c @@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) if (!issecure(SECURE_NO_SETUID_FIXUP)) { /* Clear the capabilities if we switch to a non-root user */ - if (override_cred->uid) + kuid_t root_uid = make_kuid(override_cred->user_ns, 0); + if (!uid_eq(override_cred->uid, root_uid)) cap_clear(override_cred->cap_effective); else override_cred->cap_effective = |