kernel/extable.c: mark core_kernel_text notrace
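--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -6,6 +6,7 @@
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
+#include <linux/user_namespace.h>
 #include <asm/uaccess.h>
 /* init to 2 - one for init_task, one to ensure it is never freed */
@@ -223,6 +224,14 @@ out:
 return i;
 }
+bool may_setgroups(void)
+{
+ struct user_namespace *user_ns = current_user_ns();
+
+ return ns_capable(user_ns, CAP_SETGID) &&
+ userns_may_setgroups(user_ns);
+}
+
 /*
 * SMP: Our groups are copy-on-write. We can set them safely
 * without another task interfering.
@@ -233,7 +242,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
 struct group_info *group_info;
 int retval;
- if (!nsown_capable(CAP_SETGID))
+ if (!may_setgroups())
 return -EPERM;
 if ((unsigned)gidsetsize > NGROUPS_MAX)
 return -EINVAL;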
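Review bot: Only the `setgroups` entry point in this file is switched to `may_setgroups()`. Any other path that installs a supplementary group list and still tests `nsown_capable(CAP_SETGID)` directly would skip `userns_may_setgroups()` and leave the namespace restriction ineffective; none is visible on this single-file page, so the rest of the tree needs checking. `may_setgroups()` is non-static and undocumented, and its declaration must live in a header outside this diff. I would add above it `/* setgroups() requires CAP_SETGID in the caller's user namespace, and that namespace must still permit setgroups */`. The body of the `setgroups` syscall continues past the end of the last hunk.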