From: Andy Lutomirski <luto@amacapital.net>
Date: Sun, 14 Apr 2013 18:44:04 +0000 (-0700)
Subject: userns: Changing any namespace id mappings should require privileges
X-Git-Tag: v3.9-rc8~11^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41c21e351e79004dbb4efa4bc14a53a7e0af38c5;p=pandora-kernel.git

userns: Changing any namespace id mappings should require privileges

Changing uid/gid/projid mappings doesn't change your id within the
namespace; it reconfigures the namespace.  Unprivileged programs should
*not* be able to write these files.  (We're also checking the privileges
on the wrong task.)

Given the write-once nature of these files and the other security
checks, this is likely impossible to usefully exploit.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
---

Reading git-diff-tree failed