userns: Allow unprivileged reboot

In a container with its own pid namespace and user namespace, rebooting the system won't reboot the host, but terminate all the processes in it and thus have the container shutdown, so it's safe. Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Li Zefan <lizefan@huawei.com> 2012-12-26 22:39:12 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-12-26 23:29:30 -0500
commit: 923c7538236564c46ee80c253a416705321f13e3 (patch)
tree: d57765040dc118a83f2a7c8892b1d9f051d4c5ff /kernel/sys.c
parent: 48c6d1217e3dc743e7d3ad9b9def8d4810d13a85 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index 265b37690421..24d1ef56cd95 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -433,11 +433,12 @@ static DEFINE_MUTEX(reboot_mutex);
 SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
                void __user *, arg)
 {
+        struct pid_namespace *pid_ns = task_active_pid_ns(current);
        char buffer[256];
        int ret = 0;
        /* We only trust the superuser with rebooting the system. */
-        if (!capable(CAP_SYS_BOOT))
+        if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT))
                return -EPERM;
        /* For safety, we require "magic" arguments. */
@@ -453,7 +454,7 @@ SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
         * pid_namespace, the command is handled by reboot_pid_ns() which will
         * call do_exit().
         */
-        ret = reboot_pid_ns(task_active_pid_ns(current), cmd);
+        ret = reboot_pid_ns(pid_ns, cmd);
        if (ret)
                return ret;
author	Li Zefan <lizefan@huawei.com>	2012-12-26 22:39:12 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-12-26 23:29:30 -0500
commit	923c7538236564c46ee80c253a416705321f13e3 (patch)
tree	d57765040dc118a83f2a7c8892b1d9f051d4c5ff /kernel/sys.c
parent	48c6d1217e3dc743e7d3ad9b9def8d4810d13a85 (diff)