userns: Kill nsown_capable it makes the wrong thing easy

[~andy/linux] / net / core / scm.c

diff --git a/net/core/scm.c b/net/core/scm.c
index 2dc6cdaaae8abc5f31afa57a7ccf765cc978b6ac..c346f58d97c28cc43bda5dbdd836959585f9bee3 100644 (file)
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -56,9 +56,9 @@ static __inline__ int scm_check_creds(struct ucred *creds)
        if ((creds->pid == task_tgid_vnr(current) ||
             ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) &&
            ((uid_eq(uid, cred->uid)   || uid_eq(uid, cred->euid) ||
-             uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
+             uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) &&
            ((gid_eq(gid, cred->gid)   || gid_eq(gid, cred->egid) ||
-             gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) {
+             gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) {
               return 0;
        }
        return -EPERM;
@@ -187,22 +187,6 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
 
                        p->creds.uid = uid;
                        p->creds.gid = gid;
-
-                       if (!p->cred ||
-                           !uid_eq(p->cred->euid, uid) ||
-                           !gid_eq(p->cred->egid, gid)) {
-                               struct cred *cred;
-                               err = -ENOMEM;
-                               cred = prepare_creds();
-                               if (!cred)
-                                       goto error;
-
-                               cred->uid = cred->euid = uid;
-                               cred->gid = cred->egid = gid;
-                               if (p->cred)
-                                       put_cred(p->cred);
-                               p->cred = cred;
-                       }
                        break;
                }
                default:
@@ -306,8 +290,8 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
                /* Bump the usage count and install the file. */
                sock = sock_from_file(fp[i], &err);
                if (sock) {
-                       sock_update_netprioidx(sock->sk, current);
-                       sock_update_classid(sock->sk, current);
+                       sock_update_netprioidx(sock->sk);
+                       sock_update_classid(sock->sk);
                }
                fd_install(new_fd, get_file(fp[i]));
        }