userns: Convert cgroup permission checks to use uid_eq

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

diff --git a/init/Kconfig b/init/Kconfig
index 7a5ccb2..d24cc75 100644 (file)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -865,7 +865,6 @@ config UIDGID_CONVERTED
 
        # List of kernel pieces that need user namespace work
        # Features
-       depends on CGROUPS = n
        depends on MIGRATION = n
        depends on NUMA = n
        depends on SYSVIPC = n

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index ed64cca..c8329b0 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2160,9 +2160,9 @@ retry_find_task:
                 * only need to check permissions on one of them.
                 */
                tcred = __task_cred(tsk);
-               if (cred->euid &&
-                   cred->euid != tcred->uid &&
-                   cred->euid != tcred->suid) {
+               if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
+                   !uid_eq(cred->euid, tcred->uid) &&
+                   !uid_eq(cred->euid, tcred->suid)) {
                        rcu_read_unlock();
                        ret = -EACCES;
                        goto out_unlock_cgroup;