1 files changed, 5 insertions, 0 deletions

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 6e80f4c1322b..a2e37c5d2f63 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -826,6 +826,11 @@ static bool new_idmap_permitted(const struct file *file,
                         kuid_t uid = make_kuid(ns->parent, id);
                         if (uid_eq(uid, cred->euid))
                                 return true;
+                } else if (cap_setid == CAP_SETGID) {
+                        kgid_t gid = make_kgid(ns->parent, id);
+                        if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) &&
+                            gid_eq(gid, cred->egid))
+                                return true;
                 }
         }