Skip to content

Commit

Permalink
userns: Convert cgroup permission checks to use uid_eq
Browse files Browse the repository at this point in the history 
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
  • Loading branch information
Eric W. Biederman committed May 15, 2012
1 parent 8751e03 commit 14a590c
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 4 deletions.
1 change: 0 additions & 1 deletion init/Kconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -865,7 +865,6 @@ config UIDGID_CONVERTED

# List of kernel pieces that need user namespace work
# Features
depends on CGROUPS = n
depends on MIGRATION = n
depends on NUMA = n
depends on SYSVIPC = n
Expand Down
6 changes: 3 additions & 3 deletions kernel/cgroup.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2160,9 +2160,9 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid, bool threadgroup)
* only need to check permissions on one of them.
*/
tcred = __task_cred(tsk);
if (cred->euid &&
cred->euid != tcred->uid &&
cred->euid != tcred->suid) {
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->euid, tcred->suid)) {
rcu_read_unlock();
ret = -EACCES;
goto out_unlock_cgroup;
Expand Down

0 comments on commit 14a590c

Please sign in to comment.