diff options
author | Serge E. Hallyn <serue@us.ibm.com> | 2008-12-03 14:17:33 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-12-07 17:16:27 -0500 |
commit | 7657d90497f98426af17f0ac633a9b335bb7a8fb (patch) | |
tree | 6344dc4715a85383f6492a4102ae406c6b86d79d | |
parent | c37bbb0fdcc01610fd55604eb6927210a1d20044 (diff) |
user namespaces: require cap_set{ug}id for CLONE_NEWUSER
While ideally CLONE_NEWUSER will eventually require no
privilege, the required permission checks are currently
not there. As a result, CLONE_NEWUSER has the same effect
as a setuid(0)+setgroups(1,"0"). While we already require
CAP_SYS_ADMIN, requiring CAP_SETUID and CAP_SETGID seems
appropriate.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | kernel/fork.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index 1dd89451fae4..e3a85b33107e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
@@ -1344,7 +1344,8 @@ long do_fork(unsigned long clone_flags, | |||
1344 | /* hopefully this check will go away when userns support is | 1344 | /* hopefully this check will go away when userns support is |
1345 | * complete | 1345 | * complete |
1346 | */ | 1346 | */ |
1347 | if (!capable(CAP_SYS_ADMIN)) | 1347 | if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || |
1348 | !capable(CAP_SETGID)) | ||
1348 | return -EPERM; | 1349 | return -EPERM; |
1349 | } | 1350 | } |
1350 | 1351 | ||