diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-03-12 15:44:39 -0700 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-15 14:59:30 -0700 |
| commit | 14a590c3f987977d7b09ec926481ee0238c08eee (patch) | |
| tree | b06a1f674d090abde07bbaca03f53fbe3f346609 | |
| parent | 8751e03958f2adbfba6a0f186f4c5797c950c22a (diff) | |
userns: Convert cgroup permission checks to use uid_eq
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| -rw-r--r-- | init/Kconfig | 1 | ||||
| -rw-r--r-- | kernel/cgroup.c | 6 |
2 files changed, 3 insertions, 4 deletions
diff --git a/init/Kconfig b/init/Kconfig index 7a5ccb2e9e0f..d24cc75caf65 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -865,7 +865,6 @@ config UIDGID_CONVERTED # List of kernel pieces that need user namespace work # Features - depends on CGROUPS = n depends on MIGRATION = n depends on NUMA = n depends on SYSVIPC = n diff --git a/kernel/cgroup.c b/kernel/cgroup.c index ed64ccac67c9..c8329b0c2576 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -2160,9 +2160,9 @@ retry_find_task: * only need to check permissions on one of them. */ tcred = __task_cred(tsk); - if (cred->euid && - cred->euid != tcred->uid && - cred->euid != tcred->suid) { + if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) && + !uid_eq(cred->euid, tcred->uid) && + !uid_eq(cred->euid, tcred->suid)) { rcu_read_unlock(); ret = -EACCES; goto out_unlock_cgroup; |