Re: [PATCH 22/43] userns: Convert capabilities related permsion checks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Serge E. Hallyn" <serge@xxxxxxxxxx> writes:

> Quoting Eric W. Beiderman (ebiederm@xxxxxxxxxxxx):
>> From: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
>> 
>> - Use uid_eq when comparing kuids
>>   Use gid_eq when comparing kgids
>> - Use __make_kuid(user_ns, 0) to talk about the user_namespace root uid
>>   Use __make_kgid(user_ns, 0) to talk about the user_namespace root gid
>> 
>> Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
>
> Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
>
> though, nit,
>
>> ---
>>  fs/open.c            |    3 ++-
>>  security/commoncap.c |   43 ++++++++++++++++++++++++++++---------------
>>  2 files changed, 30 insertions(+), 16 deletions(-)
>> 

>> diff --git a/security/commoncap.c b/security/commoncap.c
>> index dbd465a..9bf8df8 100644
>> --- a/security/commoncap.c
>> +++ b/security/commoncap.c
>> @@ -472,19 +472,24 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
>>  	struct cred *new = bprm->cred;
>>  	bool effective, has_cap = false;
>>  	int ret;
>> +	kuid_t root_uid;
>> +	kgid_t root_gid;
>
> the root_gid is assigned but never used.

Thanks snipped.  It doesn't look like there will ever be a use for it.

>>  
>>  	effective = false;
>>  	ret = get_file_caps(bprm, &effective, &has_cap);
>>  	if (ret < 0)
>>  		return ret;
>>  
>> +	root_uid = make_kuid(new->user_ns, 0);
>> +	root_gid = make_kgid(new->user_ns, 0);
>> +

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux