Diffstat (limited to 'kernel/capability.c')
-rw-r--r-- | kernel/capability.c | 15 |
1 files changed, 8 insertions, 7 deletions
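--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -12,6 +12,7 @@
 #include <linux/module.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
+#include <linux/pid_namespace.h>
 #include <asm/uaccess.h>
 
 /*
@@ -61,8 +62,8 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
 spin_lock(&task_capability_lock);
 read_lock(&tasklist_lock);
 
-if (pid && pid != current->pid) {
-target = find_task_by_pid(pid);
+if (pid && pid != task_pid_vnr(current)) {
+target = find_task_by_vpid(pid);
 if (!target) {
 ret = -ESRCH;
 goto out;
@@ -95,7 +96,7 @@ static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective,
 int found = 0;
 struct pid *pgrp;
 
-pgrp = find_pid(pgrp_nr);
+pgrp = find_vpid(pgrp_nr);
 do_each_pid_task(pgrp, PIDTYPE_PGID, g) {
 target = g;
 while_each_thread(g, target) {
@@ -129,7 +130,7 @@ static inline int cap_set_all(kernel_cap_t *effective,
 int found = 0;
 
 do_each_thread(g, target) {
-if (target == current || is_init(target))
+if (target == current || is_container_init(target->group_leader))
 continue;
 found = 1;
 if (security_capset_check(target, effective, inheritable,
@@ -184,7 +185,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 if (get_user(pid, &header->pid))
 return -EFAULT;
 
-if (pid && pid != current->pid && !capable(CAP_SETPCAP))
+if (pid && pid != task_pid_vnr(current) && !capable(CAP_SETPCAP))
 return -EPERM;
 
 if (copy_from_user(&effective, &data->effective, sizeof(effective)) ||
@@ -195,8 +196,8 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 spin_lock(&task_capability_lock);
 read_lock(&tasklist_lock);
 
-if (pid > 0 && pid != current->pid) {
-target = find_task_by_pid(pid);
+if (pid > 0 && pid != task_pid_vnr(current)) {
+target = find_task_by_vpid(pid);
 if (!target) {
 ret = -ESRCH;
 goto out;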
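Review bot: In the cap_set_all() hunk, `do_each_thread(g, target)` still walks every thread on the system, so the "all processes" case is not confined to the caller's pid namespace the way the `find_task_by_vpid()` and `find_vpid()` lookups in the other hunks are. The only targets skipped are `current` and tasks whose group leader is a container init, which means a caller holding CAP_SETPCAP inside a child namespace would appear to reach tasks it cannot otherwise name by pid. If that is not intended, a visibility guard such as `if (!task_pid_vnr(target)) continue;` next to the existing skip would keep the walk to tasks that have a pid in the caller's namespace; this assumes task_pid_vnr() returns 0 for tasks outside it, which should be confirmed against the helper's definition. If the system-wide scope is deliberate, a comment saying so above the loop would help, e.g. `/* intentionally global: not limited to current's pid namespace */`. The body of cap_set_all() begins and ends outside the hunk, so any filtering done further down is not visible here.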