diff options
author | James Morris <jmorris@namei.org> | 2008-11-26 00:26:44 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-26 00:26:44 -0500 |
commit | 3496f92beb9aa99ef21fccc154a36c7698e9c538 (patch) | |
tree | 2492602c6316b654378c3b557e206923956e59f4 /kernel/fork.c | |
parent | 200036ca9b3f0b2250912142552ce56682190f95 (diff) | |
parent | 6ded6ab9be4f6164aef1c527407c1b94f0929799 (diff) |
Merge branch 'serge-next' into next
Diffstat (limited to 'kernel/fork.c')
-rw-r--r-- | kernel/fork.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index 29c18c14812d..1dd89451fae4 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
@@ -976,7 +976,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, | |||
976 | if (atomic_read(&p->real_cred->user->processes) >= | 976 | if (atomic_read(&p->real_cred->user->processes) >= |
977 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { | 977 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { |
978 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && | 978 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && |
979 | p->real_cred->user != current->nsproxy->user_ns->root_user) | 979 | p->real_cred->user != INIT_USER) |
980 | goto bad_fork_free; | 980 | goto bad_fork_free; |
981 | } | 981 | } |
982 | 982 | ||
@@ -1335,6 +1335,20 @@ long do_fork(unsigned long clone_flags, | |||
1335 | long nr; | 1335 | long nr; |
1336 | 1336 | ||
1337 | /* | 1337 | /* |
1338 | * Do some preliminary argument and permissions checking before we | ||
1339 | * actually start allocating stuff | ||
1340 | */ | ||
1341 | if (clone_flags & CLONE_NEWUSER) { | ||
1342 | if (clone_flags & CLONE_THREAD) | ||
1343 | return -EINVAL; | ||
1344 | /* hopefully this check will go away when userns support is | ||
1345 | * complete | ||
1346 | */ | ||
1347 | if (!capable(CAP_SYS_ADMIN)) | ||
1348 | return -EPERM; | ||
1349 | } | ||
1350 | |||
1351 | /* | ||
1338 | * We hope to recycle these flags after 2.6.26 | 1352 | * We hope to recycle these flags after 2.6.26 |
1339 | */ | 1353 | */ |
1340 | if (unlikely(clone_flags & CLONE_STOPPED)) { | 1354 | if (unlikely(clone_flags & CLONE_STOPPED)) { |
@@ -1581,8 +1595,7 @@ asmlinkage long sys_unshare(unsigned long unshare_flags) | |||
1581 | err = -EINVAL; | 1595 | err = -EINVAL; |
1582 | if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| | 1596 | if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| |
1583 | CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| | 1597 | CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| |
1584 | CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER| | 1598 | CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNET)) |
1585 | CLONE_NEWNET)) | ||
1586 | goto bad_unshare_out; | 1599 | goto bad_unshare_out; |
1587 | 1600 | ||
1588 | /* | 1601 | /* |