userns: Convert cgroup permission checks to use uid_eq
Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
This commit is contained in:
parent
8751e03958
commit
14a590c3f9
2 changed files with 3 additions and 4 deletions
|
@ -865,7 +865,6 @@ config UIDGID_CONVERTED
|
|||
|
||||
# List of kernel pieces that need user namespace work
|
||||
# Features
|
||||
depends on CGROUPS = n
|
||||
depends on MIGRATION = n
|
||||
depends on NUMA = n
|
||||
depends on SYSVIPC = n
|
||||
|
|
|
@ -2160,9 +2160,9 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid, bool threadgroup)
|
|||
* only need to check permissions on one of them.
|
||||
*/
|
||||
tcred = __task_cred(tsk);
|
||||
if (cred->euid &&
|
||||
cred->euid != tcred->uid &&
|
||||
cred->euid != tcred->suid) {
|
||||
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
|
||||
!uid_eq(cred->euid, tcred->uid) &&
|
||||
!uid_eq(cred->euid, tcred->suid)) {
|
||||
rcu_read_unlock();
|
||||
ret = -EACCES;
|
||||
goto out_unlock_cgroup;
|
||||
|
|
Loading…
Reference in a new issue