From: Eric W. Biederman <ebiederm@xmission.com>
Date: Sat, 6 Dec 2014 01:36:04 +0000 (-0600)
Subject: userns: Allow setting gid_maps without privilege when setgroups is disabled
X-Git-Tag: omap-for-v3.20/drop-legacy-3517~45^2~2
X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66d2f338ee4c449396b6f99f5e75cd18eb6df272;p=pandora-kernel.git

userns: Allow setting gid_maps without privilege when setgroups is disabled

Now that setgroups can be disabled and not reenabled, setting gid_map
without privielge can now be enabled when setgroups is disabled.

This restores most of the functionality that was lost when unprivileged
setting of gid_map was removed.  Applications that use this functionality
will need to check to see if they use setgroups or init_groups, and if they
don't they can be fixed by simply disabling setgroups before writing to
gid_map.

Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---

Reading git-diff-tree failed