userns: Convert capabilities related permsion checks

- Use uid_eq when comparing kuids Use gid_eq when comparing kgids - Use make_kuid(user_ns, 0) to talk about the user_namespace root uid Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-02-08 01:45:47 +0100
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-05-03 12:28:40 +0200
commit: 18815a18085364d8514c0d0c4c986776cb74272c (patch)
tree: a931fb2eee31aee6f8d83ef4493071b9827b1b9f /fs/open.c
parent: userns: Convert sched_set_affinity and sched_set_scheduler's permission checks (diff)
download: linux-18815a18085364d8514c0d0c4c986776cb74272c.tar.xz
linux-18815a18085364d8514c0d0c4c986776cb74272c.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/open.c b/fs/open.c
index 5720854156db..92335f663545 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
 
 	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
 		/* Clear the capabilities if we switch to a non-root user */
-		if (override_cred->uid)
+		kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
+		if (!uid_eq(override_cred->uid, root_uid))
 			cap_clear(override_cred->cap_effective);
 		else
 			override_cred->cap_effective =
author	Eric W. Biederman <ebiederm@xmission.com>	2012-02-08 01:45:47 +0100
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-05-03 12:28:40 +0200
commit	18815a18085364d8514c0d0c4c986776cb74272c (patch)
tree	a931fb2eee31aee6f8d83ef4493071b9827b1b9f /fs/open.c
parent	userns: Convert sched_set_affinity and sched_set_scheduler's permission checks (diff)
download	linux-18815a18085364d8514c0d0c4c986776cb74272c.tar.xz linux-18815a18085364d8514c0d0c4c986776cb74272c.zip