Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
diff --git
a/kernel/groups.c
b/kernel/groups.c
index
451698f
..
664411f
100644
(file)
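--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -6,6 +6,7 @@
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
+#include <linux/user_namespace.h>
 #include <asm/uaccess.h>
 /* init to 2 - one for init_task, one to ensure it is never freed */
@@ -213,6 +214,14 @@ out:
 return i;
 }
+bool may_setgroups(void)
+{
+ struct user_namespace *user_ns = current_user_ns();
+
+ return ns_capable(user_ns, CAP_SETGID) &&
+ userns_may_setgroups(user_ns);
+}
+
 /*
 * SMP: Our groups are copy-on-write. We can set them safely
 * without another task interfering.
@@ -223,7 +232,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
 struct group_info *group_info;
 int retval;
- if (!ns_capable(current_user_ns(), CAP_SETGID))
+ if (!may_setgroups())
 return -EPERM;
 if ((unsigned)gidsetsize > NGROUPS_MAX)
 return -EINVAL;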
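Review bot: `may_setgroups()` in the `+214` hunk is added as a non-static helper with no comment saying why CAP_SETGID alone is no longer enough, which is the security reason for the change. A short header comment would record it, for example `/* CAP_SETGID in the caller's user namespace is not sufficient: the namespace itself must also permit setgroups(), see userns_may_setgroups(). */`. Because the helper has external linkage it is presumably meant for the other setgroups entry points too (16-bit and compat variants, not visible in this section). Any of them still using the bare `ns_capable(current_user_ns(), CAP_SETGID)` test would bypass the new gate, so they should be checked as part of the same change. The declaration of `may_setgroups()` and the `userns_may_setgroups()` fallback for kernels built without user namespaces are also outside this file section and should be confirmed to allow the call only when the capability check passes.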