projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c37bbb0)
user namespaces: require cap_set{ug}id for CLONE_NEWUSER
authorSerge E. Hallyn <serue@us.ibm.com>
Wed, 3 Dec 2008 19:17:33 +0000 (13:17 -0600)
committerJames Morris <jmorris@namei.org>
Sun, 7 Dec 2008 22:16:27 +0000 (09:16 +1100)
While ideally CLONE_NEWUSER will eventually require no
privilege, the required permission checks are currently
not there.  As a result, CLONE_NEWUSER has the same effect
as a setuid(0)+setgroups(1,"0").  While we already require
CAP_SYS_ADMIN, requiring CAP_SETUID and CAP_SETGID seems
appropriate.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: James Morris <jmorris@namei.org>
kernel/fork.c patch | blob | blame | history

diff --git a/kernel/fork.c b/kernel/fork.c
index 1dd89451fae468b4d350e6a0cb638f730ff52919..e3a85b33107eca09aa21dd116b14f9676523c0d7 100644 (file)
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1344,7 +1344,8 @@ long do_fork(unsigned long clone_flags,
                /* hopefully this check will go away when userns support is
                 * complete
                 */
-               if (!capable(CAP_SYS_ADMIN))
+               if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
+                               !capable(CAP_SETGID))
                        return -EPERM;
        }