From ad0bc837ac8b22de274495eff1058d9f822e9e02 Mon Sep 17 00:00:00 2001
From: "Serge E. Hallyn" <serue@us.ibm.com>
Date: Wed, 3 Dec 2008 13:17:33 -0600
Subject: [PATCH] --- yaml --- r: 120746 b: refs/heads/master c:
 7657d90497f98426af17f0ac633a9b335bb7a8fb h: refs/heads/master v: v3

---
 [refs]              | 2 +-
 trunk/kernel/fork.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/[refs] b/[refs]
index e43b992f404f..ac267dee3e39 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: c37bbb0fdcc01610fd55604eb6927210a1d20044
+refs/heads/master: 7657d90497f98426af17f0ac633a9b335bb7a8fb
diff --git a/trunk/kernel/fork.c b/trunk/kernel/fork.c
index 1dd89451fae4..e3a85b33107e 100644
--- a/trunk/kernel/fork.c
+++ b/trunk/kernel/fork.c
@@ -1344,7 +1344,8 @@ long do_fork(unsigned long clone_flags,
 		/* hopefully this check will go away when userns support is
 		 * complete
 		 */
-		if (!capable(CAP_SYS_ADMIN))
+		if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
+				!capable(CAP_SETGID))
 			return -EPERM;
 	}