If the map is already set,we should return -EINVAL.
Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 kernel/user_namespace.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 054471d..0231f87 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -560,11 +560,11 @@ static ssize_t map_write(struct file *file, const char __user *buf,
 */
 mutex_lock(&id_map_mutex);
- ret = -EPERM;
 /* Only allow one successful write to the map */
 if (map->nr_extents != 0)
 goto out;
+ ret = -EPERM;
 /* Require the appropriate privilege CAP_SETUID or CAP_SETGID
 * over the user namespace in order to set the id mapping.
 */
--
1.7.7.6
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
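Review bot: The early `goto out` for `map->nr_extents != 0` now returns whatever `ret` held when `id_map_mutex` was taken, and nothing in the hunk assigns the `-EINVAL` the commit message promises. The result presumably depends on an initializer earlier in `map_write`, whose body starts and ends outside this hunk, so a later change to that initializer would silently alter the error returned for a second write. Make the intent explicit by adding `ret = -EINVAL;` directly above the `/* Only allow one successful write to the map */` comment, and extend that comment to name the error code. The errno for a repeated write to an id map is visible to userspace, so the commit message should state that the change from `-EPERM` is intentional, because callers may use that value to tell "already mapped" from "missing CAP_SETUID/CAP_SETGID".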