12 files changed, 24 insertions, 24 deletions
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index ab2248090515..a750f957b145 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -303,7 +303,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
                mutex_unlock(&ecryptfs_daemon_hash_mux);
                goto wake_up;
        }
-        tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns;
+        tsk_user_ns = __task_cred(msg_ctx->task)->user_ns;
        ctx_euid = task_euid(msg_ctx->task);
        rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);
        rcu_read_unlock();
diff --git a/ipc/namespace.c b/ipc/namespace.c
index ce0a647869b1..f362298c5ce4 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -46,7 +46,7 @@ static struct ipc_namespace *create_ipc_ns(struct task_struct *tsk,
        ipcns_notify(IPCNS_CREATED);
        register_ipcns_notifier(ns);
-        ns->user_ns = get_user_ns(task_cred_xxx(tsk, user)->user_ns);
+        ns->user_ns = get_user_ns(task_cred_xxx(tsk, user_ns));
        return ns;
 }
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index ee8d49b9c309..24e0a5a94824 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -198,7 +198,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
                return 0;
        rcu_read_lock();
        tcred = __task_cred(task);
-        if (cred->user->user_ns == tcred->user->user_ns &&
+        if (cred->user_ns == tcred->user_ns &&
            (cred->uid == tcred->euid &&
             cred->uid == tcred->suid &&
             cred->uid == tcred->uid  &&
@@ -206,7 +206,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
             cred->gid == tcred->sgid &&
             cred->gid == tcred->gid))
                goto ok;
-        if (ptrace_has_cap(tcred->user->user_ns, mode))
+        if (ptrace_has_cap(tcred->user_ns, mode))
                goto ok;
        rcu_read_unlock();
        return -EPERM;
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 4603b9d8f30a..96bff855b866 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4042,7 +4042,7 @@ static bool check_same_owner(struct task_struct *p)
        rcu_read_lock();
        pcred = __task_cred(p);
-        if (cred->user->user_ns == pcred->user->user_ns)
+        if (cred->user_ns == pcred->user_ns)
                match = (cred->euid == pcred->euid ||
                         cred->euid == pcred->uid);
        else
diff --git a/kernel/signal.c b/kernel/signal.c
index 17afcaf582d0..e2c5d84f2dac 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -767,14 +767,14 @@ static int kill_ok_by_cred(struct task_struct *t)
        const struct cred *cred = current_cred();
        const struct cred *tcred = __task_cred(t);
-        if (cred->user->user_ns == tcred->user->user_ns &&
+        if (cred->user_ns == tcred->user_ns &&
            (cred->euid == tcred->suid ||
             cred->euid == tcred->uid ||
             cred->uid  == tcred->suid ||
             cred->uid  == tcred->uid))
                return 1;
-        if (ns_capable(tcred->user->user_ns, CAP_KILL))
+        if (ns_capable(tcred->user_ns, CAP_KILL))
                return 1;
        return 0;
diff --git a/kernel/sys.c b/kernel/sys.c
index f7a43514ac65..82d8714bbede 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -133,11 +133,11 @@ static bool set_one_prio_perm(struct task_struct *p)
 {
        const struct cred *cred = current_cred(), *pcred = __task_cred(p);
-        if (pcred->user->user_ns == cred->user->user_ns &&
+        if (pcred->user_ns == cred->user_ns &&
            (pcred->uid  == cred->euid ||
             pcred->euid == cred->euid))
                return true;
-        if (ns_capable(pcred->user->user_ns, CAP_SYS_NICE))
+        if (ns_capable(pcred->user_ns, CAP_SYS_NICE))
                return true;
        return false;
 }
@@ -1498,7 +1498,7 @@ static int check_prlimit_permission(struct task_struct *task)
                return 0;
        tcred = __task_cred(task);
-        if (cred->user->user_ns == tcred->user->user_ns &&
+        if (cred->user_ns == tcred->user_ns &&
            (cred->uid == tcred->euid &&
             cred->uid == tcred->suid &&
             cred->uid == tcred->uid  &&
@@ -1506,7 +1506,7 @@ static int check_prlimit_permission(struct task_struct *task)
             cred->gid == tcred->sgid &&
             cred->gid == tcred->gid))
                return 0;
-        if (ns_capable(tcred->user->user_ns, CAP_SYS_RESOURCE))
+        if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
                return 0;
        return -EPERM;
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 3b906e98b1db..f084083a0fd3 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -90,7 +90,7 @@ uid_t user_ns_map_uid(struct user_namespace *to, const struct cred *cred, uid_t
 {
        struct user_namespace *tmp;
-        if (likely(to == cred->user->user_ns))
+        if (likely(to == cred->user_ns))
                return uid;
@@ -112,7 +112,7 @@ gid_t user_ns_map_gid(struct user_namespace *to, const struct cred *cred, gid_t
 {
        struct user_namespace *tmp;
-        if (likely(to == cred->user->user_ns))
+        if (likely(to == cred->user_ns))
                return gid;
        /* Is cred->user the creator of the target user_ns
diff --git a/kernel/utsname.c b/kernel/utsname.c
index 405caf91aad5..679d97a5d3fd 100644
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -43,7 +43,7 @@ static struct uts_namespace *clone_uts_ns(struct task_struct *tsk,
        down_read(&uts_sem);
        memcpy(&ns->name, &old_ns->name, sizeof(ns->name));
-        ns->user_ns = get_user_ns(task_cred_xxx(tsk, user)->user_ns);
+        ns->user_ns = get_user_ns(task_cred_xxx(tsk, user_ns));
        up_read(&uts_sem);
        return ns;
 }
diff --git a/security/commoncap.c b/security/commoncap.c
index 0cf4b53480a7..8b3e10e2eac7 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -81,7 +81,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
                        return 0;
                /* Do we have the necessary capabilities? */
-                if (targ_ns == cred->user->user_ns)
+                if (targ_ns == cred->user_ns)
                        return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
                /* Have we tried all of the parent namespaces? */
@@ -136,10 +136,10 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
        rcu_read_lock();
        cred = current_cred();
        child_cred = __task_cred(child);
-        if (cred->user->user_ns == child_cred->user->user_ns &&
+        if (cred->user_ns == child_cred->user_ns &&
            cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
                goto out;
-        if (ns_capable(child_cred->user->user_ns, CAP_SYS_PTRACE))
+        if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
                goto out;
        ret = -EPERM;
 out:
@@ -168,10 +168,10 @@ int cap_ptrace_traceme(struct task_struct *parent)
        rcu_read_lock();
        cred = __task_cred(parent);
        child_cred = current_cred();
-        if (cred->user->user_ns == child_cred->user->user_ns &&
+        if (cred->user_ns == child_cred->user_ns &&
            cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
                goto out;
-        if (has_ns_capability(parent, child_cred->user->user_ns, CAP_SYS_PTRACE))
+        if (has_ns_capability(parent, child_cred->user_ns, CAP_SYS_PTRACE))
                goto out;
        ret = -EPERM;
 out:
@@ -214,7 +214,7 @@ static inline int cap_inh_is_capped(void)
        /* they are so limited unless the current task has the CAP_SETPCAP
         * capability
         */
-        if (cap_capable(current_cred(), current_cred()->user->user_ns,
+        if (cap_capable(current_cred(), current_cred()->user_ns,
                        CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0)
                return 0;
        return 1;
@@ -866,7 +866,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                    || ((new->securebits & SECURE_ALL_LOCKS & ~arg2))   /*[2]*/
                    || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS))   /*[3]*/
                    || (cap_capable(current_cred(),
-                                    current_cred()->user->user_ns, CAP_SETPCAP,
+                                    current_cred()->user_ns, CAP_SETPCAP,
                                    SECURITY_CAP_AUDIT) != 0)           /*[4]*/
                        /*
                         * [1] no changing of bits that are locked
diff --git a/security/keys/key.c b/security/keys/key.c
index 06783cffb3af..7e6034793af3 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -253,7 +253,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
        quotalen = desclen + type->def_datalen;
        /* get hold of the key tracking for this user */
-        user = key_user_lookup(uid, cred->user->user_ns);
+        user = key_user_lookup(uid, cred->user_ns);
        if (!user)
                goto no_memory_1;
diff --git a/security/keys/permission.c b/security/keys/permission.c
index c35b5229e3cd..e146cbd714bd 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -36,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
        key = key_ref_to_ptr(key_ref);
-        if (key->user->user_ns != cred->user->user_ns)
+        if (key->user->user_ns != cred->user_ns)
                goto use_other_perms;
        /* use the second 8-bits of permissions for keys the caller owns */
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index be7ecb2018dd..70febff06da9 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -858,7 +858,7 @@ void key_replace_session_keyring(void)
        new-> sgid      = old-> sgid;
        new->fsgid      = old->fsgid;
        new->user       = get_uid(old->user);
-        new->user_ns    = new->user->user_ns;
+        new->user_ns    = new->user_ns;
        new->group_info = get_group_info(old->group_info);
        new->securebits = old->securebits;

diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index ab2248090515..a750f957b145 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c
@@ -303,7 +303,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
303	mutex_unlock(&ecryptfs_daemon_hash_mux);	303	mutex_unlock(&ecryptfs_daemon_hash_mux);
304	goto wake_up;	304	goto wake_up;
305	}	305	}
306	tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns;	306	tsk_user_ns = __task_cred(msg_ctx->task)->user_ns;
307	ctx_euid = task_euid(msg_ctx->task);	307	ctx_euid = task_euid(msg_ctx->task);
308	rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);	308	rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);
309	rcu_read_unlock();	309	rcu_read_unlock();


diff --git a/ipc/namespace.c b/ipc/namespace.c index ce0a647869b1..f362298c5ce4 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c
@@ -46,7 +46,7 @@ static struct ipc_namespace create_ipc_ns(struct task_struct tsk,
46	ipcns_notify(IPCNS_CREATED);	46	ipcns_notify(IPCNS_CREATED);
47	register_ipcns_notifier(ns);	47	register_ipcns_notifier(ns);
48		48
49	ns->user_ns = get_user_ns(task_cred_xxx(tsk, user)->user_ns);	49	ns->user_ns = get_user_ns(task_cred_xxx(tsk, user_ns));
50		50
51	return ns;	51	return ns;
52	}	52	}


diff --git a/kernel/ptrace.c b/kernel/ptrace.c index ee8d49b9c309..24e0a5a94824 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c
@@ -198,7 +198,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
198	return 0;	198	return 0;
199	rcu_read_lock();	199	rcu_read_lock();
200	tcred = __task_cred(task);	200	tcred = __task_cred(task);
201	if (cred->user->user_ns == tcred->user->user_ns &&	201	if (cred->user_ns == tcred->user_ns &&
202	(cred->uid == tcred->euid &&	202	(cred->uid == tcred->euid &&
203	cred->uid == tcred->suid &&	203	cred->uid == tcred->suid &&
204	cred->uid == tcred->uid &&	204	cred->uid == tcred->uid &&
@@ -206,7 +206,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
206	cred->gid == tcred->sgid &&	206	cred->gid == tcred->sgid &&
207	cred->gid == tcred->gid))	207	cred->gid == tcred->gid))
208	goto ok;	208	goto ok;
209	if (ptrace_has_cap(tcred->user->user_ns, mode))	209	if (ptrace_has_cap(tcred->user_ns, mode))
210	goto ok;	210	goto ok;
211	rcu_read_unlock();	211	rcu_read_unlock();
212	return -EPERM;	212	return -EPERM;


diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 4603b9d8f30a..96bff855b866 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c
@@ -4042,7 +4042,7 @@ static bool check_same_owner(struct task_struct *p)
4042		4042
4043	rcu_read_lock();	4043	rcu_read_lock();
4044	pcred = __task_cred(p);	4044	pcred = __task_cred(p);
4045	if (cred->user->user_ns == pcred->user->user_ns)	4045	if (cred->user_ns == pcred->user_ns)
4046	match = (cred->euid == pcred->euid \|\|	4046	match = (cred->euid == pcred->euid \|\|
4047	cred->euid == pcred->uid);	4047	cred->euid == pcred->uid);
4048	else	4048	else


diff --git a/kernel/signal.c b/kernel/signal.c index 17afcaf582d0..e2c5d84f2dac 100644 --- a/kernel/signal.c +++ b/kernel/signal.c
@@ -767,14 +767,14 @@ static int kill_ok_by_cred(struct task_struct *t)
767	const struct cred *cred = current_cred();	767	const struct cred *cred = current_cred();
768	const struct cred *tcred = __task_cred(t);	768	const struct cred *tcred = __task_cred(t);
769		769
770	if (cred->user->user_ns == tcred->user->user_ns &&	770	if (cred->user_ns == tcred->user_ns &&
771	(cred->euid == tcred->suid \|\|	771	(cred->euid == tcred->suid \|\|
772	cred->euid == tcred->uid \|\|	772	cred->euid == tcred->uid \|\|
773	cred->uid == tcred->suid \|\|	773	cred->uid == tcred->suid \|\|
774	cred->uid == tcred->uid))	774	cred->uid == tcred->uid))
775	return 1;	775	return 1;
776		776
777	if (ns_capable(tcred->user->user_ns, CAP_KILL))	777	if (ns_capable(tcred->user_ns, CAP_KILL))
778	return 1;	778	return 1;
779		779
780	return 0;	780	return 0;


diff --git a/kernel/sys.c b/kernel/sys.c index f7a43514ac65..82d8714bbede 100644 --- a/kernel/sys.c +++ b/kernel/sys.c
@@ -133,11 +133,11 @@ static bool set_one_prio_perm(struct task_struct *p)
133	{	133	{
134	const struct cred cred = current_cred(), pcred = __task_cred(p);	134	const struct cred cred = current_cred(), pcred = __task_cred(p);
135		135
136	if (pcred->user->user_ns == cred->user->user_ns &&	136	if (pcred->user_ns == cred->user_ns &&
137	(pcred->uid == cred->euid \|\|	137	(pcred->uid == cred->euid \|\|
138	pcred->euid == cred->euid))	138	pcred->euid == cred->euid))
139	return true;	139	return true;
140	if (ns_capable(pcred->user->user_ns, CAP_SYS_NICE))	140	if (ns_capable(pcred->user_ns, CAP_SYS_NICE))
141	return true;	141	return true;
142	return false;	142	return false;
143	}	143	}
@@ -1498,7 +1498,7 @@ static int check_prlimit_permission(struct task_struct *task)
1498	return 0;	1498	return 0;
1499		1499
1500	tcred = __task_cred(task);	1500	tcred = __task_cred(task);
1501	if (cred->user->user_ns == tcred->user->user_ns &&	1501	if (cred->user_ns == tcred->user_ns &&
1502	(cred->uid == tcred->euid &&	1502	(cred->uid == tcred->euid &&
1503	cred->uid == tcred->suid &&	1503	cred->uid == tcred->suid &&
1504	cred->uid == tcred->uid &&	1504	cred->uid == tcred->uid &&
@@ -1506,7 +1506,7 @@ static int check_prlimit_permission(struct task_struct *task)
1506	cred->gid == tcred->sgid &&	1506	cred->gid == tcred->sgid &&
1507	cred->gid == tcred->gid))	1507	cred->gid == tcred->gid))
1508	return 0;	1508	return 0;
1509	if (ns_capable(tcred->user->user_ns, CAP_SYS_RESOURCE))	1509	if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
1510	return 0;	1510	return 0;
1511		1511
1512	return -EPERM;	1512	return -EPERM;


diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 3b906e98b1db..f084083a0fd3 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c
@@ -90,7 +90,7 @@ uid_t user_ns_map_uid(struct user_namespace to, const struct cred cred, uid_t
90	{	90	{
91	struct user_namespace *tmp;	91	struct user_namespace *tmp;
92		92
93	if (likely(to == cred->user->user_ns))	93	if (likely(to == cred->user_ns))
94	return uid;	94	return uid;
95		95
96		96
@@ -112,7 +112,7 @@ gid_t user_ns_map_gid(struct user_namespace to, const struct cred cred, gid_t
112	{	112	{
113	struct user_namespace *tmp;	113	struct user_namespace *tmp;
114		114
115	if (likely(to == cred->user->user_ns))	115	if (likely(to == cred->user_ns))
116	return gid;	116	return gid;
117		117
118	/* Is cred->user the creator of the target user_ns	118	/* Is cred->user the creator of the target user_ns


diff --git a/kernel/utsname.c b/kernel/utsname.c index 405caf91aad5..679d97a5d3fd 100644 --- a/kernel/utsname.c +++ b/kernel/utsname.c
@@ -43,7 +43,7 @@ static struct uts_namespace clone_uts_ns(struct task_struct tsk,
43		43
44	down_read(&uts_sem);	44	down_read(&uts_sem);
45	memcpy(&ns->name, &old_ns->name, sizeof(ns->name));	45	memcpy(&ns->name, &old_ns->name, sizeof(ns->name));
46	ns->user_ns = get_user_ns(task_cred_xxx(tsk, user)->user_ns);	46	ns->user_ns = get_user_ns(task_cred_xxx(tsk, user_ns));
47	up_read(&uts_sem);	47	up_read(&uts_sem);
48	return ns;	48	return ns;
49	}	49	}


diff --git a/security/commoncap.c b/security/commoncap.c index 0cf4b53480a7..8b3e10e2eac7 100644 --- a/security/commoncap.c +++ b/security/commoncap.c
@@ -81,7 +81,7 @@ int cap_capable(const struct cred cred, struct user_namespace targ_ns,
81	return 0;	81	return 0;
82		82
83	/* Do we have the necessary capabilities? */	83	/* Do we have the necessary capabilities? */
84	if (targ_ns == cred->user->user_ns)	84	if (targ_ns == cred->user_ns)
85	return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;	85	return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
86		86
87	/* Have we tried all of the parent namespaces? */	87	/* Have we tried all of the parent namespaces? */
@@ -136,10 +136,10 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
136	rcu_read_lock();	136	rcu_read_lock();
137	cred = current_cred();	137	cred = current_cred();
138	child_cred = __task_cred(child);	138	child_cred = __task_cred(child);
139	if (cred->user->user_ns == child_cred->user->user_ns &&	139	if (cred->user_ns == child_cred->user_ns &&
140	cap_issubset(child_cred->cap_permitted, cred->cap_permitted))	140	cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
141	goto out;	141	goto out;
142	if (ns_capable(child_cred->user->user_ns, CAP_SYS_PTRACE))	142	if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
143	goto out;	143	goto out;
144	ret = -EPERM;	144	ret = -EPERM;
145	out:	145	out:
@@ -168,10 +168,10 @@ int cap_ptrace_traceme(struct task_struct *parent)
168	rcu_read_lock();	168	rcu_read_lock();
169	cred = __task_cred(parent);	169	cred = __task_cred(parent);
170	child_cred = current_cred();	170	child_cred = current_cred();
171	if (cred->user->user_ns == child_cred->user->user_ns &&	171	if (cred->user_ns == child_cred->user_ns &&
172	cap_issubset(child_cred->cap_permitted, cred->cap_permitted))	172	cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
173	goto out;	173	goto out;
174	if (has_ns_capability(parent, child_cred->user->user_ns, CAP_SYS_PTRACE))	174	if (has_ns_capability(parent, child_cred->user_ns, CAP_SYS_PTRACE))
175	goto out;	175	goto out;
176	ret = -EPERM;	176	ret = -EPERM;
177	out:	177	out:
@@ -214,7 +214,7 @@ static inline int cap_inh_is_capped(void)
214	/* they are so limited unless the current task has the CAP_SETPCAP	214	/* they are so limited unless the current task has the CAP_SETPCAP
215	* capability	215	* capability
216	*/	216	*/
217	if (cap_capable(current_cred(), current_cred()->user->user_ns,	217	if (cap_capable(current_cred(), current_cred()->user_ns,
218	CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0)	218	CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0)
219	return 0;	219	return 0;
220	return 1;	220	return 1;
@@ -866,7 +866,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
866	\|\| ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /[2]/	866	\|\| ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /[2]/
867	\|\| (arg2 & ~(SECURE_ALL_LOCKS \| SECURE_ALL_BITS)) /[3]/	867	\|\| (arg2 & ~(SECURE_ALL_LOCKS \| SECURE_ALL_BITS)) /[3]/
868	\|\| (cap_capable(current_cred(),	868	\|\| (cap_capable(current_cred(),
869	current_cred()->user->user_ns, CAP_SETPCAP,	869	current_cred()->user_ns, CAP_SETPCAP,
870	SECURITY_CAP_AUDIT) != 0) /[4]/	870	SECURITY_CAP_AUDIT) != 0) /[4]/
871	/*	871	/*
872	* [1] no changing of bits that are locked	872	* [1] no changing of bits that are locked


diff --git a/security/keys/key.c b/security/keys/key.c index 06783cffb3af..7e6034793af3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c
@@ -253,7 +253,7 @@ struct key key_alloc(struct key_type type, const char *desc,
253	quotalen = desclen + type->def_datalen;	253	quotalen = desclen + type->def_datalen;
254		254
255	/* get hold of the key tracking for this user */	255	/* get hold of the key tracking for this user */
256	user = key_user_lookup(uid, cred->user->user_ns);	256	user = key_user_lookup(uid, cred->user_ns);
257	if (!user)	257	if (!user)
258	goto no_memory_1;	258	goto no_memory_1;
259		259


diff --git a/security/keys/permission.c b/security/keys/permission.c index c35b5229e3cd..e146cbd714bd 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c
@@ -36,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
36		36
37	key = key_ref_to_ptr(key_ref);	37	key = key_ref_to_ptr(key_ref);
38		38
39	if (key->user->user_ns != cred->user->user_ns)	39	if (key->user->user_ns != cred->user_ns)
40	goto use_other_perms;	40	goto use_other_perms;
41		41
42	/* use the second 8-bits of permissions for keys the caller owns */	42	/* use the second 8-bits of permissions for keys the caller owns */


diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index be7ecb2018dd..70febff06da9 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c
@@ -858,7 +858,7 @@ void key_replace_session_keyring(void)
858	new-> sgid = old-> sgid;	858	new-> sgid = old-> sgid;
859	new->fsgid = old->fsgid;	859	new->fsgid = old->fsgid;
860	new->user = get_uid(old->user);	860	new->user = get_uid(old->user);
861	new->user_ns = new->user->user_ns;	861	new->user_ns = new->user_ns;
862	new->group_info = get_group_info(old->group_info);	862	new->group_info = get_group_info(old->group_info);
863		863
864	new->securebits = old->securebits;	864	new->securebits = old->securebits;