user namespaces: require cap_set{ug}id for CLONE_NEWUSER
author Serge E. Hallyn <serue@us.ibm.com>
Wed, 3 Dec 2008 19:17:33 +0000 (13:17 -0600)
committer James Morris <jmorris@namei.org>
Sun, 7 Dec 2008 22:16:27 +0000 (09:16 +1100)
commit 7657d90497f98426af17f0ac633a9b335bb7a8fb
tree 6344dc4715a85383f6492a4102ae406c6b86d79d
parent c37bbb0fdcc01610fd55604eb6927210a1d20044
user namespaces: require cap_set{ug}id for CLONE_NEWUSER

While ideally CLONE_NEWUSER will eventually require no
privilege, the required permission checks are currently
not there.  As a result, CLONE_NEWUSER has the same effect
as a setuid(0)+setgroups(1,"0").  While we already require
CAP_SYS_ADMIN, requiring CAP_SETUID and CAP_SETGID seems
appropriate.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: James Morris <jmorris@namei.org>
kernel/fork.c
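The commit message describes the check but the page does not show the kernel/fork.c hunk, so the following is an added example, not the commit's own code: a userspace model of the CLONE_NEWUSER permission policy before and after this change, with the caller's effective capabilities passed in as a bitmask instead of the kernel's capable(), plus a Linux-only probe that asks the running kernel whether this process may create a user namespace. The function names, the bitmask representation and the exact placement of the check inside copy_process() are assumptions made for the example.

```c
/* Added example: model of the CLONE_NEWUSER capability check this commit
 * describes. Not the kernel's code; the real check is in kernel/fork.c and
 * uses capable(). Here the caller's effective capabilities are a bitmask so
 * the before/after policies can be compared without running as root. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __linux__
#include <sched.h>      /* unshare(), CLONE_NEWUSER */
#endif

/* Capability numbers as defined in the Linux uapi headers; defined here so
 * the model compiles without <linux/capability.h>. */
#ifndef CAP_SETGID
#define CAP_SETGID    6
#endif
#ifndef CAP_SETUID
#define CAP_SETUID    7
#endif
#ifndef CAP_SYS_ADMIN
#define CAP_SYS_ADMIN 21
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif

#define CAP_BIT(c) (UINT64_C(1) << (c))

/* Stand-in for the kernel's capable(): does the caller hold capability c? */
static int has_cap(uint64_t caps, int c) { return (caps & CAP_BIT(c)) != 0; }

/* Policy before this commit: CLONE_NEWUSER needed only CAP_SYS_ADMIN.
 * Returns 0 if the clone may proceed, -EPERM otherwise. */
int userns_clone_check_before(unsigned long clone_flags, uint64_t caps)
{
    if (!(clone_flags & CLONE_NEWUSER))
        return 0;
    return has_cap(caps, CAP_SYS_ADMIN) ? 0 : -EPERM;
}

/* Policy after this commit: CLONE_NEWUSER also needs CAP_SETUID and
 * CAP_SETGID, because creating the namespace hands the child uid 0 and a
 * root group set, the same effect as setuid(0)+setgroups(1,"0"). */
int userns_clone_check_after(unsigned long clone_flags, uint64_t caps)
{
    if (!(clone_flags & CLONE_NEWUSER))
        return 0;
    if (!has_cap(caps, CAP_SYS_ADMIN) ||
        !has_cap(caps, CAP_SETUID) ||
        !has_cap(caps, CAP_SETGID))
        return -EPERM;
    return 0;
}

/* Live check (Linux only): ask the running kernel whether this process may
 * create a user namespace. Returns 0 on success, else the errno. On the
 * kernel this commit targets a caller lacking the capabilities gets EPERM;
 * later kernels allow unprivileged creation unless a distribution sysctl
 * restricts it. Note: unshare() fails with EINVAL in a multithreaded
 * process, and on success this process is moved into the new namespace. */
int probe_unshare_newuser(void)
{
#ifdef __linux__
    if (unshare(CLONE_NEWUSER) == 0)
        return 0;
    return errno;
#else
    return ENOSYS;
#endif
}

int main(void)
{
    /* Constructed caller: holds CAP_SYS_ADMIN but neither CAP_SETUID nor
     * CAP_SETGID, e.g. a service granted admin rights for mounts only. */
    uint64_t admin_only = CAP_BIT(CAP_SYS_ADMIN);
    uint64_t full = admin_only | CAP_BIT(CAP_SETUID) | CAP_BIT(CAP_SETGID);

    printf("admin-only caller:      before=%d after=%d\n",
           userns_clone_check_before(CLONE_NEWUSER, admin_only),
           userns_clone_check_after(CLONE_NEWUSER, admin_only));
    printf("caller with set{u,g}id: before=%d after=%d\n",
           userns_clone_check_before(CLONE_NEWUSER, full),
           userns_clone_check_after(CLONE_NEWUSER, full));
    printf("live unshare(CLONE_NEWUSER) on this kernel: errno=%d\n",
           probe_unshare_newuser());
    return 0;
}
```

The model makes the point of the commit concrete: a caller that was granted CAP_SYS_ADMIN alone could, before this change, obtain the effect of setuid(0) through CLONE_NEWUSER without holding CAP_SETUID or CAP_SETGID; after it, the same caller gets EPERM. The live probe is the check to run when auditing what a given kernel and its sysctls actually permit.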