userns: Convert ptrace, kill, set_priority permission checks to work with kuids and kgids

Update the permission checks to use the new uid_eq and gid_eq helpers
and remove the now unnecessary user_ns equality comparison.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

1 files changed, 6 insertions, 9 deletions

diff --git a/kernel/signal.c b/kernel/signal.c
index d6303277a640..aef629c65c87 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -767,11 +767,10 @@ static int kill_ok_by_cred(struct task_struct *t)
         const struct cred *cred = current_cred();
         const struct cred *tcred = __task_cred(t);
 
-        if (cred->user_ns == tcred->user_ns &&
-            (cred->euid == tcred->suid ||
-             cred->euid == tcred->uid ||
-             cred->uid  == tcred->suid ||
-             cred->uid  == tcred->uid))
+        if (uid_eq(cred->euid, tcred->suid) ||
+            uid_eq(cred->euid, tcred->uid)  ||
+            uid_eq(cred->uid,  tcred->suid) ||
+            uid_eq(cred->uid,  tcred->uid))
                 return 1;
 
         if (ns_capable(tcred->user_ns, CAP_KILL))
@@ -1389,10 +1388,8 @@ static int kill_as_cred_perm(const struct cred *cred,
                              struct task_struct *target)
 {
         const struct cred *pcred = __task_cred(target);
-        if (cred->user_ns != pcred->user_ns)
-                return 0;
-        if (cred->euid != pcred->suid && cred->euid != pcred->uid &&
-            cred->uid  != pcred->suid && cred->uid  != pcred->uid)
+        if (!uid_eq(cred->euid, pcred->suid) && !uid_eq(cred->euid, pcred->uid) &&
+            !uid_eq(cred->uid,  pcred->suid) && !uid_eq(cred->uid,  pcred->uid))
                 return 0;
         return 1;
 }