diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/capability.c | 14 | ||||
| -rw-r--r-- | kernel/ptrace.c | 4 | ||||
| -rw-r--r-- | kernel/sched.c | 2 |
3 files changed, 3 insertions, 17 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 47626446c39a..74fb3b603045 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -409,20 +409,6 @@ bool capable(int cap) | |||
| 409 | EXPORT_SYMBOL(capable); | 409 | EXPORT_SYMBOL(capable); |
| 410 | 410 | ||
| 411 | /** | 411 | /** |
| 412 | * task_ns_capable - Determine whether current task has a superior | ||
| 413 | * capability targeted at a specific task's user namespace. | ||
| 414 | * @t: The task whose user namespace is targeted. | ||
| 415 | * @cap: The capability in question. | ||
| 416 | * | ||
| 417 | * Return true if it does, false otherwise. | ||
| 418 | */ | ||
| 419 | bool task_ns_capable(struct task_struct *t, int cap) | ||
| 420 | { | ||
| 421 | return ns_capable(task_cred_xxx(t, user)->user_ns, cap); | ||
| 422 | } | ||
| 423 | EXPORT_SYMBOL(task_ns_capable); | ||
| 424 | |||
| 425 | /** | ||
| 426 | * nsown_capable - Check superior capability to one's own user_ns | 412 | * nsown_capable - Check superior capability to one's own user_ns |
| 427 | * @cap: The capability in question | 413 | * @cap: The capability in question |
| 428 | * | 414 | * |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index a70d2a5d8c7b..210bbf045ee9 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c | |||
| @@ -196,7 +196,7 @@ ok: | |||
| 196 | smp_rmb(); | 196 | smp_rmb(); |
| 197 | if (task->mm) | 197 | if (task->mm) |
| 198 | dumpable = get_dumpable(task->mm); | 198 | dumpable = get_dumpable(task->mm); |
| 199 | if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE)) | 199 | if (!dumpable && !ns_capable(task_user_ns(task), CAP_SYS_PTRACE)) |
| 200 | return -EPERM; | 200 | return -EPERM; |
| 201 | 201 | ||
| 202 | return security_ptrace_access_check(task, mode); | 202 | return security_ptrace_access_check(task, mode); |
| @@ -266,7 +266,7 @@ static int ptrace_attach(struct task_struct *task, long request, | |||
| 266 | task->ptrace = PT_PTRACED; | 266 | task->ptrace = PT_PTRACED; |
| 267 | if (seize) | 267 | if (seize) |
| 268 | task->ptrace |= PT_SEIZED; | 268 | task->ptrace |= PT_SEIZED; |
| 269 | if (task_ns_capable(task, CAP_SYS_PTRACE)) | 269 | if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE)) |
| 270 | task->ptrace |= PT_PTRACE_CAP; | 270 | task->ptrace |= PT_PTRACE_CAP; |
| 271 | 271 | ||
| 272 | __ptrace_link(task, current); | 272 | __ptrace_link(task, current); |
diff --git a/kernel/sched.c b/kernel/sched.c index b50b0f0c9aa9..5670028a9c16 100644 --- a/kernel/sched.c +++ b/kernel/sched.c | |||
| @@ -5409,7 +5409,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask) | |||
| 5409 | goto out_free_cpus_allowed; | 5409 | goto out_free_cpus_allowed; |
| 5410 | } | 5410 | } |
| 5411 | retval = -EPERM; | 5411 | retval = -EPERM; |
| 5412 | if (!check_same_owner(p) && !task_ns_capable(p, CAP_SYS_NICE)) | 5412 | if (!check_same_owner(p) && !ns_capable(task_user_ns(p), CAP_SYS_NICE)) |
| 5413 | goto out_unlock; | 5413 | goto out_unlock; |
| 5414 | 5414 | ||
| 5415 | retval = security_task_setscheduler(p); | 5415 | retval = security_task_setscheduler(p); |