1 files changed, 10 insertions, 10 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index 771129b299f8..c18ecca575b4 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -337,7 +337,7 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
        if (rgid != (gid_t) -1) {
                if (gid_eq(old->gid, krgid) ||
                    gid_eq(old->egid, krgid) ||
-                    nsown_capable(CAP_SETGID))
+                    ns_capable(old->user_ns, CAP_SETGID))
                        new->gid = krgid;
                else
                        goto error;
@@ -346,7 +346,7 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
                if (gid_eq(old->gid, kegid) ||
                    gid_eq(old->egid, kegid) ||
                    gid_eq(old->sgid, kegid) ||
-                    nsown_capable(CAP_SETGID))
+                    ns_capable(old->user_ns, CAP_SETGID))
                        new->egid = kegid;
                else
                        goto error;
@@ -387,7 +387,7 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
        old = current_cred();
        retval = -EPERM;
-        if (nsown_capable(CAP_SETGID))
+        if (ns_capable(old->user_ns, CAP_SETGID))
                new->gid = new->egid = new->sgid = new->fsgid = kgid;
        else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
                new->egid = new->fsgid = kgid;
@@ -471,7 +471,7 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
                new->uid = kruid;
                if (!uid_eq(old->uid, kruid) &&
                    !uid_eq(old->euid, kruid) &&
-                    !nsown_capable(CAP_SETUID))
+                    !ns_capable(old->user_ns, CAP_SETUID))
                        goto error;
        }
@@ -480,7 +480,7 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
                if (!uid_eq(old->uid, keuid) &&
                    !uid_eq(old->euid, keuid) &&
                    !uid_eq(old->suid, keuid) &&
-                    !nsown_capable(CAP_SETUID))
+                    !ns_capable(old->user_ns, CAP_SETUID))
                        goto error;
        }
@@ -534,7 +534,7 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
        old = current_cred();
        retval = -EPERM;
-        if (nsown_capable(CAP_SETUID)) {
+        if (ns_capable(old->user_ns, CAP_SETUID)) {
                new->suid = new->uid = kuid;
                if (!uid_eq(kuid, old->uid)) {
                        retval = set_user(new);
@@ -591,7 +591,7 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
        old = current_cred();
        retval = -EPERM;
-        if (!nsown_capable(CAP_SETUID)) {
+        if (!ns_capable(old->user_ns, CAP_SETUID)) {
                if (ruid != (uid_t) -1        && !uid_eq(kruid, old->uid) &&
                    !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid))
                        goto error;
@@ -673,7 +673,7 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
        old = current_cred();
        retval = -EPERM;
-        if (!nsown_capable(CAP_SETGID)) {
+        if (!ns_capable(old->user_ns, CAP_SETGID)) {
                if (rgid != (gid_t) -1        && !gid_eq(krgid, old->gid) &&
                    !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid))
                        goto error;
@@ -744,7 +744,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
        if (uid_eq(kuid, old->uid)  || uid_eq(kuid, old->euid)  ||
            uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
-            nsown_capable(CAP_SETUID)) {
+            ns_capable(old->user_ns, CAP_SETUID)) {
                if (!uid_eq(kuid, old->fsuid)) {
                        new->fsuid = kuid;
                        if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
@@ -783,7 +783,7 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
        if (gid_eq(kgid, old->gid)  || gid_eq(kgid, old->egid)  ||
            gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
-            nsown_capable(CAP_SETGID)) {
+            ns_capable(old->user_ns, CAP_SETGID)) {
                if (!gid_eq(kgid, old->fsgid)) {
                        new->fsgid = kgid;
                        goto change_okay;

diff --git a/kernel/sys.c b/kernel/sys.c index 771129b299f8..c18ecca575b4 100644 --- a/kernel/sys.c +++ b/kernel/sys.c
@@ -337,7 +337,7 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
337	if (rgid != (gid_t) -1) {	337	if (rgid != (gid_t) -1) {
338	if (gid_eq(old->gid, krgid) \|\|	338	if (gid_eq(old->gid, krgid) \|\|
339	gid_eq(old->egid, krgid) \|\|	339	gid_eq(old->egid, krgid) \|\|
340	nsown_capable(CAP_SETGID))	340	ns_capable(old->user_ns, CAP_SETGID))
341	new->gid = krgid;	341	new->gid = krgid;
342	else	342	else
343	goto error;	343	goto error;
@@ -346,7 +346,7 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
346	if (gid_eq(old->gid, kegid) \|\|	346	if (gid_eq(old->gid, kegid) \|\|
347	gid_eq(old->egid, kegid) \|\|	347	gid_eq(old->egid, kegid) \|\|
348	gid_eq(old->sgid, kegid) \|\|	348	gid_eq(old->sgid, kegid) \|\|
349	nsown_capable(CAP_SETGID))	349	ns_capable(old->user_ns, CAP_SETGID))
350	new->egid = kegid;	350	new->egid = kegid;
351	else	351	else
352	goto error;	352	goto error;
@@ -387,7 +387,7 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
387	old = current_cred();	387	old = current_cred();
388		388
389	retval = -EPERM;	389	retval = -EPERM;
390	if (nsown_capable(CAP_SETGID))	390	if (ns_capable(old->user_ns, CAP_SETGID))
391	new->gid = new->egid = new->sgid = new->fsgid = kgid;	391	new->gid = new->egid = new->sgid = new->fsgid = kgid;
392	else if (gid_eq(kgid, old->gid) \|\| gid_eq(kgid, old->sgid))	392	else if (gid_eq(kgid, old->gid) \|\| gid_eq(kgid, old->sgid))
393	new->egid = new->fsgid = kgid;	393	new->egid = new->fsgid = kgid;
@@ -471,7 +471,7 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
471	new->uid = kruid;	471	new->uid = kruid;
472	if (!uid_eq(old->uid, kruid) &&	472	if (!uid_eq(old->uid, kruid) &&
473	!uid_eq(old->euid, kruid) &&	473	!uid_eq(old->euid, kruid) &&
474	!nsown_capable(CAP_SETUID))	474	!ns_capable(old->user_ns, CAP_SETUID))
475	goto error;	475	goto error;
476	}	476	}
477		477
@@ -480,7 +480,7 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
480	if (!uid_eq(old->uid, keuid) &&	480	if (!uid_eq(old->uid, keuid) &&
481	!uid_eq(old->euid, keuid) &&	481	!uid_eq(old->euid, keuid) &&
482	!uid_eq(old->suid, keuid) &&	482	!uid_eq(old->suid, keuid) &&
483	!nsown_capable(CAP_SETUID))	483	!ns_capable(old->user_ns, CAP_SETUID))
484	goto error;	484	goto error;
485	}	485	}
486		486
@@ -534,7 +534,7 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
534	old = current_cred();	534	old = current_cred();
535		535
536	retval = -EPERM;	536	retval = -EPERM;
537	if (nsown_capable(CAP_SETUID)) {	537	if (ns_capable(old->user_ns, CAP_SETUID)) {
538	new->suid = new->uid = kuid;	538	new->suid = new->uid = kuid;
539	if (!uid_eq(kuid, old->uid)) {	539	if (!uid_eq(kuid, old->uid)) {
540	retval = set_user(new);	540	retval = set_user(new);
@@ -591,7 +591,7 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
591	old = current_cred();	591	old = current_cred();
592		592
593	retval = -EPERM;	593	retval = -EPERM;
594	if (!nsown_capable(CAP_SETUID)) {	594	if (!ns_capable(old->user_ns, CAP_SETUID)) {
595	if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) &&	595	if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) &&
596	!uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid))	596	!uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid))
597	goto error;	597	goto error;
@@ -673,7 +673,7 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
673	old = current_cred();	673	old = current_cred();
674		674
675	retval = -EPERM;	675	retval = -EPERM;
676	if (!nsown_capable(CAP_SETGID)) {	676	if (!ns_capable(old->user_ns, CAP_SETGID)) {
677	if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) &&	677	if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) &&
678	!gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid))	678	!gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid))
679	goto error;	679	goto error;
@@ -744,7 +744,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
744		744
745	if (uid_eq(kuid, old->uid) \|\| uid_eq(kuid, old->euid) \|\|	745	if (uid_eq(kuid, old->uid) \|\| uid_eq(kuid, old->euid) \|\|
746	uid_eq(kuid, old->suid) \|\| uid_eq(kuid, old->fsuid) \|\|	746	uid_eq(kuid, old->suid) \|\| uid_eq(kuid, old->fsuid) \|\|
747	nsown_capable(CAP_SETUID)) {	747	ns_capable(old->user_ns, CAP_SETUID)) {
748	if (!uid_eq(kuid, old->fsuid)) {	748	if (!uid_eq(kuid, old->fsuid)) {
749	new->fsuid = kuid;	749	new->fsuid = kuid;
750	if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)	750	if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
@@ -783,7 +783,7 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
783		783
784	if (gid_eq(kgid, old->gid) \|\| gid_eq(kgid, old->egid) \|\|	784	if (gid_eq(kgid, old->gid) \|\| gid_eq(kgid, old->egid) \|\|
785	gid_eq(kgid, old->sgid) \|\| gid_eq(kgid, old->fsgid) \|\|	785	gid_eq(kgid, old->sgid) \|\| gid_eq(kgid, old->fsgid) \|\|
786	nsown_capable(CAP_SETGID)) {	786	ns_capable(old->user_ns, CAP_SETGID)) {
787	if (!gid_eq(kgid, old->fsgid)) {	787	if (!gid_eq(kgid, old->fsgid)) {
788	new->fsgid = kgid;	788	new->fsgid = kgid;
789	goto change_okay;	789	goto change_okay;