Eric W. Biederman 92f28d973c scm: Require CAP_SYS_ADMIN over the current pidns to spoof pids. ...

Don't allow spoofing pids over unix domain sockets in the corner
cases where a user has created a user namespace but has not yet
created a pid namespace.

Cc: stable@vger.kernel.org
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

2013-03-17 17:16:16 -07:00

8.0 KiB

Raw Blame History

View Raw