Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits) SELinux: don't check permissions for kernel mounts security: pass mount flags to security_sb_kern_mount() SELinux: correctly detect proc filesystems of the form "proc/foo" Audit: Log TIOCSTI user namespaces: document CFS behavior user namespaces: require cap_set{ug}id for CLONE_NEWUSER user namespaces: let user_ns be cloned with fairsched CRED: fix sparse warnings User namespaces: use the current_user_ns() macro User namespaces: set of cleanups (v2) nfsctl: add headers for credentials coda: fix creds reference capabilities: define get_vfs_caps_from_disk when file caps are not enabled CRED: Allow kernel services to override LSM settings for task actions CRED: Add a kernel_service object class to SELinux CRED: Differentiate objective and effective subjective credentials on a task CRED: Documentation CRED: Use creds in file structs CRED: Prettify commoncap.c CRED: Make execve() take advantage of copy-on-write credentials ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-12-28 14:43:54 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-12-28 14:43:54 -0500
commit: bb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch)
tree: c7867af2bb4ff0feae889183efcd4d79b0f9a325 /kernel/nsproxy.c
parent: e14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff)
parent: cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff)
1 files changed, 2 insertions, 13 deletions
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 1d3ef29a2583..63598dca2d0c 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -80,12 +80,6 @@ static struct nsproxy *create_new_namespaces(unsigned long flags,
                goto out_pid;
        }
-        new_nsp->user_ns = copy_user_ns(flags, tsk->nsproxy->user_ns);
-        if (IS_ERR(new_nsp->user_ns)) {
-                err = PTR_ERR(new_nsp->user_ns);
-                goto out_user;
-        }
        new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns);
        if (IS_ERR(new_nsp->net_ns)) {
                err = PTR_ERR(new_nsp->net_ns);
@@ -95,9 +89,6 @@ static struct nsproxy *create_new_namespaces(unsigned long flags,
        return new_nsp;
 out_net:
-        if (new_nsp->user_ns)
-                put_user_ns(new_nsp->user_ns);
-out_user:
        if (new_nsp->pid_ns)
                put_pid_ns(new_nsp->pid_ns);
 out_pid:
@@ -130,7 +121,7 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk)
        get_nsproxy(old_ns);
        if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
-                                CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET)))
+                                CLONE_NEWPID | CLONE_NEWNET)))
                return 0;
        if (!capable(CAP_SYS_ADMIN)) {
@@ -173,8 +164,6 @@ void free_nsproxy(struct nsproxy *ns)
                put_ipc_ns(ns->ipc_ns);
        if (ns->pid_ns)
                put_pid_ns(ns->pid_ns);
-        if (ns->user_ns)
-                put_user_ns(ns->user_ns);
        put_net(ns->net_ns);
        kmem_cache_free(nsproxy_cachep, ns);
 }
@@ -189,7 +178,7 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags,
        int err = 0;
        if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
-                               CLONE_NEWUSER | CLONE_NEWNET)))
+                               CLONE_NEWNET)))
                return 0;
        if (!capable(CAP_SYS_ADMIN))
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-12-28 14:43:54 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-12-28 14:43:54 -0500
commit	bb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch)
tree	c7867af2bb4ff0feae889183efcd4d79b0f9a325 /kernel/nsproxy.c
parent	e14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff)
parent	cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff)