userns: Convert cgroup permission checks to use uid_eq

Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-03-12 18:44:39 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-05-15 17:59:30 -0400
commit: 14a590c3f987977d7b09ec926481ee0238c08eee (patch)
tree: b06a1f674d090abde07bbaca03f53fbe3f346609
parent: 8751e03958f2adbfba6a0f186f4c5797c950c22a (diff)
2 files changed, 3 insertions, 4 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 7a5ccb2e9e0f..d24cc75caf65 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -865,7 +865,6 @@ config UIDGID_CONVERTED
        # List of kernel pieces that need user namespace work
        # Features
-        depends on CGROUPS = n
        depends on MIGRATION = n
        depends on NUMA = n
        depends on SYSVIPC = n
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index ed64ccac67c9..c8329b0c2576 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2160,9 +2160,9 @@ retry_find_task:
                 * only need to check permissions on one of them.
                 */
                tcred = __task_cred(tsk);
-                if (cred->euid &&
+                if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
-                    cred->euid != tcred->uid &&
+                    !uid_eq(cred->euid, tcred->uid) &&
-                    cred->euid != tcred->suid) {
+                    !uid_eq(cred->euid, tcred->suid)) {
                        rcu_read_unlock();
                        ret = -EACCES;
                        goto out_unlock_cgroup;
author	Eric W. Biederman <ebiederm@xmission.com>	2012-03-12 18:44:39 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-05-15 17:59:30 -0400
commit	14a590c3f987977d7b09ec926481ee0238c08eee (patch)
tree	b06a1f674d090abde07bbaca03f53fbe3f346609
parent	8751e03958f2adbfba6a0f186f4c5797c950c22a (diff)