author | Eric W. Biederman <ebiederm@xmission.com> | 2017-01-03 10:23:11 +1300 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2017-01-24 12:03:09 +1300 |
commit | 68eb94f16227336a5773b83ecfa8290f1d6b78ce (patch) | |
tree | 2dfcf480bbfce233747c6d7d40a120850f1256a2 /fs/proc/fd.c | |
parent | 9227dd2a84a765fcfef1677ff17de0958b192eda (diff) | |
proc: Better ownership of files for non-dumpable tasks in user namespaces
Instead of making the files owned by the GLOBAL_ROOT_USER, make
non-dumpable files whose mm has always lived in a user namespace owned
by the user namespace root. This allows the container root to have
things work as expected in a container.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'fs/proc/fd.c')
-rw-r--r-- | fs/proc/fd.c | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 4274f83..00ce153 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -84,7 +84,6 @@ static int tid_fd_revalidate(struct dentry *dentry, unsigned int flags)
 {
 struct files_struct *files;
 struct task_struct *task;
- const struct cred *cred;
 struct inode *inode;
 unsigned int fd;
 
@@ -108,16 +107,7 @@ static int tid_fd_revalidate(struct dentry *dentry, unsigned int flags)
 rcu_read_unlock();
 put_files_struct(files);
 
- if (task_dumpable(task)) {
- rcu_read_lock();
- cred = __task_cred(task);
- inode->i_uid = cred->euid;
- inode->i_gid = cred->egid;
- rcu_read_unlock();
- } else {
- inode->i_uid = GLOBAL_ROOT_UID;
- inode->i_gid = GLOBAL_ROOT_GID;
- }
+ task_dump_owner(task, 0, &inode->i_uid, &inode->i_gid);
 
 if (S_ISLNK(inode->i_mode)) {
 unsigned i_mode = S_IFLNK;
|
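Review bot: The bare `0` passed as the second argument of `task_dump_owner()` in the second hunk is unexplained. The ownership fallback for non-dumpable tasks, which used to be readable here as `GLOBAL_ROOT_UID`/`GLOBAL_ROOT_GID`, now lives in a helper that this page does not show. The uid/gid written to the inode decide who owns the fd entry of a non-dumpable task, so the call deserves a one-line comment, for example `/* mode 0: no mode-based exemption, owner follows the dumpable rules in task_dump_owner() */`, if that is what `0` means in the helper. The removed branch took `rcu_read_lock()` around `__task_cred()`, while the new call runs after `rcu_read_unlock()`, so the helper presumably takes the RCU read lock itself; that is worth confirming against its definition. The body of `tid_fd_revalidate()` starts and ends outside the hunk.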