On Tue, Jan 11, 2011 at 05:27:59AM +0000, Serge E. Hallyn wrote: > Quoting Bastian Blank (bastian@xxxxxxxxxxxx): > > On Mon, Jan 10, 2011 at 09:14:07PM +0000, Serge E. Hallyn wrote: > > > - if (pcred->uid != cred->euid && > > > - pcred->euid != cred->euid && !capable(CAP_SYS_NICE)) { > > > + if (pcred->user->user_ns != cred->user->user_ns && > > > + pcred->uid != cred->euid && > > > + pcred->euid != cred->euid && > > > + !ns_capable(pcred->user->user_ns, CAP_SYS_NICE)) { > > > > I don't think this is correct. This would not error out if the both > > userns are the same. Because the same patern (check uid if same userns, > > otherwise only capability) shows up in several parts of the code, maybe > > this should be factored out. > > Yeah, I'd really like to factor this out because it shows up everywhere > and I have to think about it every time I look at it. But each time it > shows up, the uids being compared slightly change. There must be some > clever way of doing it, hopefully it'll fall out soon. Well, then make mostly identical (_inline_) functions in one location (include/linux/cred.h comes in mind). You can ask later why they have to be different. You are scaling the complexity up. So you need to make it somehow manageable, and even slightly different versions in one place are much easier to handle than the same in many different places. kill_ok_by_cred would be: cred_check_euid_suid(struct task_struct *p, X capable) set_one_prio_perm would be: cred_check_euid_euid(struct task_struct *p, X capable) Bastian -- "Life and death are seldom logical." "But attaining a desired goal always is." -- McCoy and Spock, "The Galileo Seven", stardate 2821.7 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers