diff options
| author | Eric W. Biederman <[email protected]> | 2013-03-20 19:49:49 +0000 |
|---|---|---|
| committer | Eric W. Biederman <[email protected]> | 2013-08-31 06:44:11 +0000 |
| commit | c7b96acf1456ef127fef461fcfedb54b81fecfbb (patch) | |
| tree | 1cc9387d23e96685453e545bda6d5a5efea8fa63 /net/core/scm.c | |
| parent | capabilities: allow nice if we are privileged (diff) | |
| download | kernel-c7b96acf1456ef127fef461fcfedb54b81fecfbb.tar.gz kernel-c7b96acf1456ef127fef461fcfedb54b81fecfbb.zip | |
userns: Kill nsown_capable it makes the wrong thing easy
nsown_capable is a special case of ns_capable essentially for just CAP_SETUID and
CAP_SETGID. For the existing users it doesn't noticably simplify things and
from the suggested patches I have seen it encourages people to do the wrong
thing. So remove nsown_capable.
Acked-by: Serge Hallyn <[email protected]>
Signed-off-by: "Eric W. Biederman" <[email protected]>
Diffstat (limited to 'net/core/scm.c')
| -rw-r--r-- | net/core/scm.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/core/scm.c b/net/core/scm.c index 03795d0147f2..c346f58d97c2 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -56,9 +56,9 @@ static __inline__ int scm_check_creds(struct ucred *creds) if ((creds->pid == task_tgid_vnr(current) || ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) && ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || - uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && + uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || - gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) { + gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { return 0; } return -EPERM; |