diff options
Diffstat (limited to 'kernel/nsproxy.c')
| -rw-r--r-- | kernel/nsproxy.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 2ddd81657a2a..78e2ecb20165 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c | |||
| @@ -186,7 +186,7 @@ void free_nsproxy(struct nsproxy *ns) | |||
| 186 | * On success, returns the new nsproxy. | 186 | * On success, returns the new nsproxy. |
| 187 | */ | 187 | */ |
| 188 | int unshare_nsproxy_namespaces(unsigned long unshare_flags, | 188 | int unshare_nsproxy_namespaces(unsigned long unshare_flags, |
| 189 | struct nsproxy **new_nsp, struct fs_struct *new_fs) | 189 | struct nsproxy **new_nsp, struct cred *new_cred, struct fs_struct *new_fs) |
| 190 | { | 190 | { |
| 191 | struct user_namespace *user_ns; | 191 | struct user_namespace *user_ns; |
| 192 | int err = 0; | 192 | int err = 0; |
| @@ -195,12 +195,12 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags, | |||
| 195 | CLONE_NEWNET | CLONE_NEWPID))) | 195 | CLONE_NEWNET | CLONE_NEWPID))) |
| 196 | return 0; | 196 | return 0; |
| 197 | 197 | ||
| 198 | if (!nsown_capable(CAP_SYS_ADMIN)) | 198 | user_ns = new_cred ? new_cred->user_ns : current_user_ns(); |
| 199 | if (!ns_capable(user_ns, CAP_SYS_ADMIN)) | ||
| 199 | return -EPERM; | 200 | return -EPERM; |
| 200 | 201 | ||
| 201 | user_ns = current_user_ns(); | ||
| 202 | *new_nsp = create_new_namespaces(unshare_flags, current, user_ns, | 202 | *new_nsp = create_new_namespaces(unshare_flags, current, user_ns, |
| 203 | new_fs ? new_fs : current->fs); | 203 | new_fs ? new_fs : current->fs); |
| 204 | if (IS_ERR(*new_nsp)) { | 204 | if (IS_ERR(*new_nsp)) { |
| 205 | err = PTR_ERR(*new_nsp); | 205 | err = PTR_ERR(*new_nsp); |
| 206 | goto out; | 206 | goto out; |