From: Serge E. Hallyn Date: Wed, 3 Dec 2008 19:17:33 +0000 (-0600) Subject: user namespaces: require cap_set{ug}id for CLONE_NEWUSER X-Git-Url: http://drtracing.org/?a=commitdiff_plain;h=7657d90497f98426af17f0ac633a9b335bb7a8fb;p=deliverable%2Flinux.git user namespaces: require cap_set{ug}id for CLONE_NEWUSER While ideally CLONE_NEWUSER will eventually require no privilege, the required permission checks are currently not there. As a result, CLONE_NEWUSER has the same effect as a setuid(0)+setgroups(1,"0"). While we already require CAP_SYS_ADMIN, requiring CAP_SETUID and CAP_SETGID seems appropriate. Signed-off-by: Serge E. Hallyn Acked-by: "Eric W. Biederman" Signed-off-by: James Morris --- diff --git a/kernel/fork.c b/kernel/fork.c index 1dd89451fae4..e3a85b33107e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1344,7 +1344,8 @@ long do_fork(unsigned long clone_flags, /* hopefully this check will go away when userns support is * complete */ - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || + !capable(CAP_SETGID)) return -EPERM; }