summaryrefslogtreecommitdiff
path: root/net/core/scm.c
diff options
context:
space:
mode:
authorMauro Carvalho Chehab <mchehab@redhat.com>2013-04-30 09:00:33 -0300
committerMauro Carvalho Chehab <mchehab@redhat.com>2013-04-30 09:00:33 -0300
commitaad797c89903d570c17f6affc770eb98afd74e62 (patch)
treebddefd4242b0efba1068b5260f831c2697ba4037 /net/core/scm.c
parentc95789ecd5a979fd718ae09763df3fa50dd97a91 (diff)
parentc1be5a5b1b355d40e6cf79cc979eb66dafa24ad1 (diff)
Merge tag 'v3.9' into v4l_for_linus
Linux 3.9 * tag 'v3.9': (1099 commits) Linux 3.9 vm: add no-mmu vm_iomap_memory() stub efivars: only check for duplicates on the registered list TTY: fix atime/mtime regression aio: fix possible invalid memory access when DEBUG is enabled parisc: use spin_lock_irqsave/spin_unlock_irqrestore for PTE updates parisc: disable -mlong-calls compiler option for kernel modules parisc: uaccess: fix compiler warnings caused by __put_user casting parisc: Change kunmap macro to static inline function parisc: Provide __ucmpdi2 to resolve undefined references in 32 bit builds. sparc64: Fix missing put_cpu_var() in tlb_batch_add_one() when not batching. Revert "gpio: pxa: set initcall level to module init" efi: Check EFI revision in setup_efi_vars x86, efi: Fix a build warning Revert "MIPS: page.h: Provide more readable definition for PAGE_MASK." kernel/hz.bc: ignore. Linux 3.9-rc8 events: Protect access via task_subsys_state_check() net: fix incorrect credentials passing x86, microcode: Verify the family before dispatching microcode patching ...
Diffstat (limited to 'net/core/scm.c')
-rw-r--r--net/core/scm.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/core/scm.c b/net/core/scm.c
index 905dcc6ad1e3..2dc6cdaaae8a 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -24,6 +24,7 @@
#include <linux/interrupt.h>
#include <linux/netdevice.h>
#include <linux/security.h>
+#include <linux/pid_namespace.h>
#include <linux/pid.h>
#include <linux/nsproxy.h>
#include <linux/slab.h>
@@ -52,7 +53,8 @@ static __inline__ int scm_check_creds(struct ucred *creds)
if (!uid_valid(uid) || !gid_valid(gid))
return -EINVAL;
- if ((creds->pid == task_tgid_vnr(current) || nsown_capable(CAP_SYS_ADMIN)) &&
+ if ((creds->pid == task_tgid_vnr(current) ||
+ ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) &&
((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) ||
uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) ||