keyctl: check capabilities against key's user_ns ATM, task should only be able to get his own user_ns's keys anyway, so nsown_capable should also work, but there is no advantage to doing that, while using key's user_ns is clearer. changelog: jun 6: compile fix: keyctl.c (key_user, not key has user_ns) Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: David Howells <dhowells@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com>

commit: ec3d61047307d8ec0fb66dd2eb575240215bb00b [log] [tgz]
author: Serge E. Hallyn <serge.hallyn@canonical.com> Tue Jul 26 18:58:26 2011 +0000
committer: Eric W. Biederman <ebiederm@aristanetworks.com> Thu Aug 11 10:07:51 2011 -0500
tree: d9801c240661a7ef02833dd5cf5ac9d4c43b69dd
parent: f0afb8225756de664a0f8a195669d2f61cdc4f30 [diff]
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index eca5191..fa7d420 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c

@@ -745,7 +745,7 @@
 	ret = -EACCES;
 	down_write(&key->sem);
 
-	if (!capable(CAP_SYS_ADMIN)) {
+	if (!ns_capable(key->user->user_ns, CAP_SYS_ADMIN)) {
 		/* only the sysadmin can chown a key to some other UID */
 		if (uid != (uid_t) -1 && key->uid != uid)
 			goto error_put;
@@ -852,7 +852,8 @@
 	down_write(&key->sem);
 
 	/* if we're not the sysadmin, we can only change a key that we own */
-	if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) {
+	if (ns_capable(key->user->user_ns, CAP_SYS_ADMIN) ||
+	    key->uid == current_fsuid()) {
 		key->perm = perm;
 		ret = 0;
 	}
commit	ec3d61047307d8ec0fb66dd2eb575240215bb00b	[log] [tgz]
author	Serge E. Hallyn <serge.hallyn@canonical.com>	Tue Jul 26 18:58:26 2011 +0000
committer	Eric W. Biederman <ebiederm@aristanetworks.com>	Thu Aug 11 10:07:51 2011 -0500
tree	d9801c240661a7ef02833dd5cf5ac9d4c43b69dd
parent	f0afb8225756de664a0f8a195669d2f61cdc4f30 [diff]