userns: Convert cgroup permission checks to use uid_eq Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

commit: 14a590c3f987977d7b09ec926481ee0238c08eee [log] [tgz]
author: Eric W. Biederman <ebiederm@xmission.com> Mon Mar 12 15:44:39 2012 -0700
committer: Eric W. Biederman <ebiederm@xmission.com> Tue May 15 14:59:30 2012 -0700
tree: b06a1f674d090abde07bbaca03f53fbe3f346609
parent: 8751e03958f2adbfba6a0f186f4c5797c950c22a [diff]
diff --git a/init/Kconfig b/init/Kconfig
index 7a5ccb2e..d24cc75 100644
--- a/init/Kconfig
+++ b/init/Kconfig

@@ -865,7 +865,6 @@
 
 	# List of kernel pieces that need user namespace work
 	# Features
-	depends on CGROUPS = n
 	depends on MIGRATION = n
 	depends on NUMA = n
 	depends on SYSVIPC = n

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index ed64cca..c8329b0 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c

@@ -2160,9 +2160,9 @@
 		 * only need to check permissions on one of them.
 		 */
 		tcred = __task_cred(tsk);
-		if (cred->euid &&
-		    cred->euid != tcred->uid &&
-		    cred->euid != tcred->suid) {
+		if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
+		    !uid_eq(cred->euid, tcred->uid) &&
+		    !uid_eq(cred->euid, tcred->suid)) {
 			rcu_read_unlock();
 			ret = -EACCES;
 			goto out_unlock_cgroup;
commit	14a590c3f987977d7b09ec926481ee0238c08eee	[log] [tgz]
author	Eric W. Biederman <ebiederm@xmission.com>	Mon Mar 12 15:44:39 2012 -0700
committer	Eric W. Biederman <ebiederm@xmission.com>	Tue May 15 14:59:30 2012 -0700
tree	b06a1f674d090abde07bbaca03f53fbe3f346609
parent	8751e03958f2adbfba6a0f186f4c5797c950c22a [diff]