userns: Handle -1 in k[ug]id_has_mapping when !CONFIG_USER_NS

Refuse to admit any user namespace has a mapping of the INVALID_UID and the INVALID_GID when !CONFIG_USER_NS. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2016-06-27 22:52:48 +0200
committer: Eric W. Biederman <ebiederm@xmission.com> 2016-07-01 01:04:36 +0200
commit: 37b11804ed1725dc2ea97be2236150210a69e9d5 (patch)
tree: cc8feef112a36a4b9e10ac60d673000f7de3716a /include/linux/uidgid.h
parent: fs: Refuse uid/gid changes which don't map into s_user_ns (diff)
download: linux-37b11804ed1725dc2ea97be2236150210a69e9d5.tar.xz
linux-37b11804ed1725dc2ea97be2236150210a69e9d5.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
index 03835522dfcb..25e9d9216340 100644
--- a/include/linux/uidgid.h
+++ b/include/linux/uidgid.h
@@ -177,12 +177,12 @@ static inline gid_t from_kgid_munged(struct user_namespace *to, kgid_t kgid)
 
 static inline bool kuid_has_mapping(struct user_namespace *ns, kuid_t uid)
 {
-	return true;
+	return uid_valid(uid);
 }
 
 static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
 {
-	return true;
+	return gid_valid(gid);
 }
 
 #endif /* CONFIG_USER_NS */
author	Eric W. Biederman <ebiederm@xmission.com>	2016-06-27 22:52:48 +0200
committer	Eric W. Biederman <ebiederm@xmission.com>	2016-07-01 01:04:36 +0200
commit	37b11804ed1725dc2ea97be2236150210a69e9d5 (patch)
tree	cc8feef112a36a4b9e10ac60d673000f7de3716a /include/linux/uidgid.h
parent	fs: Refuse uid/gid changes which don't map into s_user_ns (diff)
download	linux-37b11804ed1725dc2ea97be2236150210a69e9d5.tar.xz linux-37b11804ed1725dc2ea97be2236150210a69e9d5.zip