diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/user_namespace.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 7737b3da335c..c09fe8b87cb0 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -812,6 +812,11 @@ static bool new_idmap_permitted(const struct file *file, kuid_t uid = make_kuid(ns->parent, id); if (uid_eq(uid, cred->euid)) return true; + } else if (cap_setid == CAP_SETGID) { + kgid_t gid = make_kgid(ns->parent, id); + if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) && + gid_eq(gid, cred->egid)) + return true; } } |