leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Browse Source 
Pull (again) user namespace infrastructure changes from Eric Biederman:
 "Those bugs, those darn embarrasing bugs just want don't want to get
  fixed.

  Linus I just updated my mirror of your kernel.org tree and it appears
  you successfully pulled everything except the last 4 commits that fix
  those embarrasing bugs.

  When you get a chance can you please repull my branch"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  userns: Fix typo in description of the limitation of userns_install
  userns: Add a more complete capability subset test to commit_creds
  userns: Require CAP_SYS_ADMIN for most uses of setns.
  Fix cap_capable to only allow owners in the parent user namespace to have caps.
This commit is contained in:
Linus Torvalds
2012-12-18 10:55:28 -08:00
parent 4351654e3d 5155040ed3
commit a2faf2fc53
8 changed files with 54 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
net/core/net_namespace.c
View File

@@ -649,7 +649,8 @@ static int netns_install(struct nsproxy *nsproxy, void *ns)
{
struct net *net = ns;
if (!ns_capable(net->user_ns, CAP_SYS_ADMIN))
if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) ||
!nsown_capable(CAP_SYS_ADMIN))
return -EPERM;
put_net(nsproxy->net_ns);