diff options
Diffstat (limited to 'kernel/user_namespace.c')
| -rw-r--r-- | kernel/user_namespace.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index ce92f7e6290a..89f6eaed067a 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c | |||
| @@ -391,7 +391,7 @@ static int uid_m_show(struct seq_file *seq, void *v) | |||
| 391 | struct user_namespace *lower_ns; | 391 | struct user_namespace *lower_ns; |
| 392 | uid_t lower; | 392 | uid_t lower; |
| 393 | 393 | ||
| 394 | lower_ns = current_user_ns(); | 394 | lower_ns = seq_user_ns(seq); |
| 395 | if ((lower_ns == ns) && lower_ns->parent) | 395 | if ((lower_ns == ns) && lower_ns->parent) |
| 396 | lower_ns = lower_ns->parent; | 396 | lower_ns = lower_ns->parent; |
| 397 | 397 | ||
| @@ -412,7 +412,7 @@ static int gid_m_show(struct seq_file *seq, void *v) | |||
| 412 | struct user_namespace *lower_ns; | 412 | struct user_namespace *lower_ns; |
| 413 | gid_t lower; | 413 | gid_t lower; |
| 414 | 414 | ||
| 415 | lower_ns = current_user_ns(); | 415 | lower_ns = seq_user_ns(seq); |
| 416 | if ((lower_ns == ns) && lower_ns->parent) | 416 | if ((lower_ns == ns) && lower_ns->parent) |
| 417 | lower_ns = lower_ns->parent; | 417 | lower_ns = lower_ns->parent; |
| 418 | 418 | ||
| @@ -688,10 +688,14 @@ ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t siz | |||
| 688 | { | 688 | { |
| 689 | struct seq_file *seq = file->private_data; | 689 | struct seq_file *seq = file->private_data; |
| 690 | struct user_namespace *ns = seq->private; | 690 | struct user_namespace *ns = seq->private; |
| 691 | struct user_namespace *seq_ns = seq_user_ns(seq); | ||
| 691 | 692 | ||
| 692 | if (!ns->parent) | 693 | if (!ns->parent) |
| 693 | return -EPERM; | 694 | return -EPERM; |
| 694 | 695 | ||
| 696 | if ((seq_ns != ns) && (seq_ns != ns->parent)) | ||
| 697 | return -EPERM; | ||
| 698 | |||
| 695 | return map_write(file, buf, size, ppos, CAP_SETUID, | 699 | return map_write(file, buf, size, ppos, CAP_SETUID, |
| 696 | &ns->uid_map, &ns->parent->uid_map); | 700 | &ns->uid_map, &ns->parent->uid_map); |
| 697 | } | 701 | } |
| @@ -700,10 +704,14 @@ ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t siz | |||
| 700 | { | 704 | { |
| 701 | struct seq_file *seq = file->private_data; | 705 | struct seq_file *seq = file->private_data; |
| 702 | struct user_namespace *ns = seq->private; | 706 | struct user_namespace *ns = seq->private; |
| 707 | struct user_namespace *seq_ns = seq_user_ns(seq); | ||
| 703 | 708 | ||
| 704 | if (!ns->parent) | 709 | if (!ns->parent) |
| 705 | return -EPERM; | 710 | return -EPERM; |
| 706 | 711 | ||
| 712 | if ((seq_ns != ns) && (seq_ns != ns->parent)) | ||
| 713 | return -EPERM; | ||
| 714 | |||
| 707 | return map_write(file, buf, size, ppos, CAP_SETGID, | 715 | return map_write(file, buf, size, ppos, CAP_SETGID, |
| 708 | &ns->gid_map, &ns->parent->gid_map); | 716 | &ns->gid_map, &ns->parent->gid_map); |
| 709 | } | 717 | } |