[RFC PATCH 3/4] allow sethostname in a container

From: Serge E. Hallyn
Date: Thu Dec 09 2010 - 12:30:52 EST

Next message: Serge E. Hallyn: "[RFC PATCH 4/4] allow killing tasks in your own or child userns"
Previous message: Stephen Warren: "[PATCH] mfd: tps6586x: Remove device ID check"
In reply to: Serge E. Hallyn: "[RFC PATCH 2/4] security: Make capabilities relative to the usernamespace."
Next in thread: Serge E. Hallyn: "[RFC PATCH 4/4] allow killing tasks in your own or child userns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To test this, you can:
1. clone a new user namespace without a new uts namespace.
You can NOT set hostname.
2. clone both a new user and uts namespace. You can set
hostname.

Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
---
kernel/sys.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index 2745dcd..9b9b03b 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1171,7 +1171,7 @@ SYSCALL_DEFINE2(sethostname, char __user *, name, int, len)
int errno;
char tmp[__NEW_UTS_LEN];

- if (!capable(CAP_SYS_ADMIN))
+ if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
return -EPERM;
if (len < 0 || len > __NEW_UTS_LEN)
return -EINVAL;
--
1.7.2.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Serge E. Hallyn: "[RFC PATCH 4/4] allow killing tasks in your own or child userns"
Previous message: Stephen Warren: "[PATCH] mfd: tps6586x: Remove device ID check"
In reply to: Serge E. Hallyn: "[RFC PATCH 2/4] security: Make capabilities relative to the usernamespace."
Next in thread: Serge E. Hallyn: "[RFC PATCH 4/4] allow killing tasks in your own or child userns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]