userns: Convert cgroup permission checks to use uid_eq

Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

userns: Convert cgroup permission checks to use uid_eq
Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Eric W. Biederman
1 parent 8751e03958
Showing 2 changed files with 3 additions and 4 deletions Side-by-side Diff
init/Kconfig
kernel/cgroup.c
@@ -865,7 +865,6 @@
  
 	# List of kernel pieces that need user namespace work
 	# Features
-	depends on CGROUPS = n
 	depends on MIGRATION = n
 	depends on NUMA = n
 	depends on SYSVIPC = n
@@ -2160,9 +2160,9 @@
 		 * only need to check permissions on one of them.
 		 */
 		tcred = __task_cred(tsk);
-		if (cred->euid &&
-		    cred->euid != tcred->uid &&
-		    cred->euid != tcred->suid) {
+		if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
+		    !uid_eq(cred->euid, tcred->uid) &&
+		    !uid_eq(cred->euid, tcred->suid)) {
 			rcu_read_unlock();
 			ret = -EACCES;
 			goto out_unlock_cgroup;
...	...	@@ -865,7 +865,6 @@
865	865
866	866	# List of kernel pieces that need user namespace work
867	867	# Features
868		- depends on CGROUPS = n
869	868	depends on MIGRATION = n
870	869	depends on NUMA = n
871	870	depends on SYSVIPC = n
...	...	@@ -2160,9 +2160,9 @@
2160	2160	* only need to check permissions on one of them.
2161	2161	*/
2162	2162	tcred = __task_cred(tsk);
2163		- if (cred->euid &&
2164		- cred->euid != tcred->uid &&
2165		- cred->euid != tcred->suid) {
	2163	+ if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
	2164	+ !uid_eq(cred->euid, tcred->uid) &&
	2165	+ !uid_eq(cred->euid, tcred->suid)) {
2166	2166	rcu_read_unlock();
2167	2167	ret = -EACCES;
2168	2168	goto out_unlock_cgroup;