]> Pileus Git - ~andy/linux/blobdiff - net/core/scm.c
projects / ~andy / linux / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
userns: Kill nsown_capable it makes the wrong thing easy
[~andy/linux] / net / core / scm.c
diff --git a/net/core/scm.c b/net/core/scm.c
index 03795d0147f2995e09495c98dcf3c94cb3d5511f..c346f58d97c28cc43bda5dbdd836959585f9bee3 100644 (file)
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -56,9 +56,9 @@ static __inline__ int scm_check_creds(struct ucred *creds)
        if ((creds->pid == task_tgid_vnr(current) ||
             ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) &&
            ((uid_eq(uid, cred->uid)   || uid_eq(uid, cred->euid) ||
-             uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
+             uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) &&
            ((gid_eq(gid, cred->gid)   || gid_eq(gid, cred->egid) ||
-             gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) {
+             gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) {
               return 0;
        }
        return -EPERM;
Andy's Linux Kernel repo