userns: Check uid_map's opener's fsuid, not the current fsuid

author Andy Lutomirski <luto@amacapital.net>

Sun, 14 Apr 2013 23:28:19 +0000 (16:28 -0700)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thu, 25 Apr 2013 19:51:23 +0000 (12:51 -0700)
author Andy Lutomirski <luto@amacapital.net>
Sun, 14 Apr 2013 23:28:19 +0000 (16:28 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Apr 2013 19:51:23 +0000 (12:51 -0700)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c

index 6cc21a5114d19dbb661cea9483ac3a3d5011a128..fdf40d6cf8a46bf1f679a0ee75a84283573c281d 100644 (file)
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -763,12 +763,12 @@ static bool new_idmap_permitted(const struct file *file,
                 u32 id = new_map->extent[0].lower_first;
                 if (cap_setid == CAP_SETUID) {
                         kuid_t uid = make_kuid(ns->parent, id);
-                       if (uid_eq(uid, current_fsuid()))
+                       if (uid_eq(uid, file->f_cred->fsuid))
                                 return true;
                 }
                 else if (cap_setid == CAP_SETGID) {
                         kgid_t gid = make_kgid(ns->parent, id);
-                       if (gid_eq(gid, current_fsgid()))
+                       if (gid_eq(gid, file->f_cred->fsgid))
                                 return true;
                 }
         }
author	Andy Lutomirski <luto@amacapital.net>
	Sun, 14 Apr 2013 23:28:19 +0000 (16:28 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 25 Apr 2013 19:51:23 +0000 (12:51 -0700)