e3f67fd712
- Fixup keys-krb-support.patch to build with USER_NS enabled
42 lines
1.1 KiB
Diff
42 lines
1.1 KiB
Diff
From e3da68be55914bfeedb8866f191cc0958579611d Mon Sep 17 00:00:00 2001
|
|
From: Josh Boyer <jwboyer@fedoraproject.org>
|
|
Date: Wed, 13 Nov 2013 10:21:18 -0500
|
|
Subject: [PATCH] Revert "userns: Allow unprivileged users to create user
|
|
namespaces."
|
|
|
|
This reverts commit 5eaf563e53294d6696e651466697eb9d491f3946.
|
|
|
|
Conflicts:
|
|
kernel/fork.c
|
|
---
|
|
kernel/fork.c | 13 +++++++++++++
|
|
1 file changed, 13 insertions(+)
|
|
|
|
diff --git a/kernel/fork.c b/kernel/fork.c
|
|
index f6d11fc..e04c9a7 100644
|
|
--- a/kernel/fork.c
|
|
+++ b/kernel/fork.c
|
|
@@ -1573,6 +1573,19 @@ long do_fork(unsigned long clone_flags,
|
|
long nr;
|
|
|
|
/*
|
|
+ * Do some preliminary argument and permissions checking before we
|
|
+ * actually start allocating stuff
|
|
+ */
|
|
+ if (clone_flags & CLONE_NEWUSER) {
|
|
+ /* hopefully this check will go away when userns support is
|
|
+ * complete
|
|
+ */
|
|
+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
|
|
+ !capable(CAP_SETGID))
|
|
+ return -EPERM;
|
|
+ }
|
|
+
|
|
+ /*
|
|
* Determine whether and which event to report to ptracer. When
|
|
* called from kernel_thread or CLONE_UNTRACED is explicitly
|
|
* requested, no event is reported; otherwise, report if the event
|
|
--
|
|
1.8.3.1
|
|
|