userns: Simplify the user_namespace by making userns->creator a kuid.

[deliverable/linux.git] / security / commoncap.c

diff --git a/security/commoncap.c b/security/commoncap.c
index 0cf4b53480a778ffeacd46149aa785c63db81c07..f2399d8afbe033ede4ddc2c7504b35a04d11c9df 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -76,12 +76,13 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
                int cap, int audit)
 {
        for (;;) {
-               /* The creator of the user namespace has all caps. */
-               if (targ_ns != &init_user_ns && targ_ns->creator == cred->user)
+               /* The owner of the user namespace has all caps. */
+               if (targ_ns != &init_user_ns && uid_eq(targ_ns->owner,
+                                                      make_kuid(cred->user_ns, cred->euid)))
                        return 0;
 
                /* Do we have the necessary capabilities? */
-               if (targ_ns == cred->user->user_ns)
+               if (targ_ns == cred->user_ns)
                        return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
 
                /* Have we tried all of the parent namespaces? */
@@ -92,7 +93,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
                 *If you have a capability in a parent user ns, then you have
                 * it over all children user namespaces as well.
                 */
-               targ_ns = targ_ns->creator->user_ns;
+               targ_ns = targ_ns->parent;
        }
 
        /* We never get here */
@@ -136,10 +137,10 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
        rcu_read_lock();
        cred = current_cred();
        child_cred = __task_cred(child);
-       if (cred->user->user_ns == child_cred->user->user_ns &&
+       if (cred->user_ns == child_cred->user_ns &&
            cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
                goto out;
-       if (ns_capable(child_cred->user->user_ns, CAP_SYS_PTRACE))
+       if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
                goto out;
        ret = -EPERM;
 out:
@@ -168,10 +169,10 @@ int cap_ptrace_traceme(struct task_struct *parent)
        rcu_read_lock();
        cred = __task_cred(parent);
        child_cred = current_cred();
-       if (cred->user->user_ns == child_cred->user->user_ns &&
+       if (cred->user_ns == child_cred->user_ns &&
            cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
                goto out;
-       if (has_ns_capability(parent, child_cred->user->user_ns, CAP_SYS_PTRACE))
+       if (has_ns_capability(parent, child_cred->user_ns, CAP_SYS_PTRACE))
                goto out;
        ret = -EPERM;
 out:
@@ -214,7 +215,7 @@ static inline int cap_inh_is_capped(void)
        /* they are so limited unless the current task has the CAP_SETPCAP
         * capability
         */
-       if (cap_capable(current_cred(), current_cred()->user->user_ns,
+       if (cap_capable(current_cred(), current_cred()->user_ns,
                        CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0)
                return 0;
        return 1;
@@ -866,7 +867,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                    || ((new->securebits & SECURE_ALL_LOCKS & ~arg2))   /*[2]*/
                    || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS))   /*[3]*/
                    || (cap_capable(current_cred(),
-                                   current_cred()->user->user_ns, CAP_SETPCAP,
+                                   current_cred()->user_ns, CAP_SETPCAP,
                                    SECURITY_CAP_AUDIT) != 0)           /*[4]*/
                        /*
                         * [1] no changing of bits that are locked