userns: Convert cgroup permission checks to use uid_eq

Acked-by: N Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: N Eric W. Biederman <ebiederm@xmission.com>

userns: Convert cgroup permission checks to use uid_eq
Acked-by: N Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: N Eric W. Biederman <ebiederm@xmission.com>
14a590c3 · Eric W. Biederman · 8751e039 · 14a590c3 · 14a590c3
隐藏空白更改
内联并排

Showing with 3 addition and 4 deletion

init/Kconfig init/Kconfig +0 -1

kernel/cgroup.c kernel/cgroup.c +3 -3

未找到文件。
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -865,7 +865,6 @@ config UIDGID_CONVERTED
 	# List of kernel pieces that need user namespace work
 	# Features
-	depends on CGROUPS = n
 	depends on MIGRATION = n
 	depends on NUMA = n
 	depends on SYSVIPC = n

--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2160,9 +2160,9 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid, bool threadgroup)
 		 * only need to check permissions on one of them.
 		 */
 		tcred = __task_cred(tsk);
-		if (cred->euid &&
+		if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
-		    cred->euid != tcred->uid &&
+		    !uid_eq(cred->euid, tcred->uid) &&
-		    cred->euid != tcred->suid) {
+		    !uid_eq(cred->euid, tcred->suid)) {
 			rcu_read_unlock();
 			ret = -EACCES;
 			goto out_unlock_cgroup;