Code Review
/
kvmfornfv.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Merge "Adding new packet forwarding test cases"
[kvmfornfv.git]
/
kernel
/
kernel
/
user_namespace.c
diff --git
a/kernel/kernel/user_namespace.c
b/kernel/kernel/user_namespace.c
index
4109f83
..
88fefa6
100644
(file)
--- a/
kernel/kernel/user_namespace.c
+++ b/
kernel/kernel/user_namespace.c
@@
-39,6
+39,7
@@
static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
cred->cap_inheritable = CAP_EMPTY_SET;
cred->cap_permitted = CAP_FULL_SET;
cred->cap_effective = CAP_FULL_SET;
cred->cap_inheritable = CAP_EMPTY_SET;
cred->cap_permitted = CAP_FULL_SET;
cred->cap_effective = CAP_FULL_SET;
+ cred->cap_ambient = CAP_EMPTY_SET;
cred->cap_bset = CAP_FULL_SET;
#ifdef CONFIG_KEYS
key_put(cred->request_key_auth);
cred->cap_bset = CAP_FULL_SET;
#ifdef CONFIG_KEYS
key_put(cred->request_key_auth);
@@
-976,8
+977,8
@@
static int userns_install(struct nsproxy *nsproxy, struct ns_common *ns)
if (user_ns == current_user_ns())
return -EINVAL;
if (user_ns == current_user_ns())
return -EINVAL;
- /* T
hreaded processes may not enter a different
user namespace */
- if (
atomic_read(¤t->mm->mm_users) > 1
)
+ /* T
asks that share a thread group must share a
user namespace */
+ if (
!thread_group_empty(current)
)
return -EINVAL;
if (current->fs->users != 1)
return -EINVAL;
if (current->fs->users != 1)