To test this, you can: 1. clone a new user namespace without a new uts namespace. You can NOT set hostname. 2. clone both a new user and uts namespace. You can set hostname. Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx> --- kernel/sys.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index 2745dcd..9b9b03b 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1171,7 +1171,7 @@ SYSCALL_DEFINE2(sethostname, char __user *, name, int, len) int errno; char tmp[__NEW_UTS_LEN]; - if (!capable(CAP_SYS_ADMIN)) + if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) return -EINVAL; -- 1.7.2.3 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers