aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerge E. Hallyn <serue@us.ibm.com>2008-12-03 14:17:33 -0500
committerJames Morris <jmorris@namei.org>2008-12-07 17:16:27 -0500
commit7657d90497f98426af17f0ac633a9b335bb7a8fb (patch)
tree6344dc4715a85383f6492a4102ae406c6b86d79d
parentc37bbb0fdcc01610fd55604eb6927210a1d20044 (diff)
user namespaces: require cap_set{ug}id for CLONE_NEWUSER
While ideally CLONE_NEWUSER will eventually require no privilege, the required permission checks are currently not there. As a result, CLONE_NEWUSER has the same effect as a setuid(0)+setgroups(1,"0"). While we already require CAP_SYS_ADMIN, requiring CAP_SETUID and CAP_SETGID seems appropriate. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--kernel/fork.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 1dd89451fae4..e3a85b33107e 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1344,7 +1344,8 @@ long do_fork(unsigned long clone_flags,
1344 /* hopefully this check will go away when userns support is 1344 /* hopefully this check will go away when userns support is
1345 * complete 1345 * complete
1346 */ 1346 */
1347 if (!capable(CAP_SYS_ADMIN)) 1347 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
1348 !capable(CAP_SETGID))
1348 return -EPERM; 1349 return -EPERM;
1349 } 1350 }
1350 1351