diff options
Diffstat (limited to 'recipes-kernel/linux/files/Check_correct_namespace_when_spoofing_pid_over_SCM_RIGHTS.patch')
-rw-r--r-- | recipes-kernel/linux/files/Check_correct_namespace_when_spoofing_pid_over_SCM_RIGHTS.patch | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/Check_correct_namespace_when_spoofing_pid_over_SCM_RIGHTS.patch b/recipes-kernel/linux/files/Check_correct_namespace_when_spoofing_pid_over_SCM_RIGHTS.patch new file mode 100644 index 0000000..79e52c3 --- /dev/null +++ b/recipes-kernel/linux/files/Check_correct_namespace_when_spoofing_pid_over_SCM_RIGHTS.patch | |||
@@ -0,0 +1,13 @@ | |||
1 | diff --git a/net/core/scm.c b/net/core/scm.c | ||
2 | index 03795d0..b4da80b 100644 | ||
3 | --- a/net/core/scm.c | ||
4 | +++ b/net/core/scm.c | ||
5 | @@ -54,7 +54,7 @@ static __inline__ int scm_check_creds(struct ucred *creds) | ||
6 | return -EINVAL; | ||
7 | |||
8 | if ((creds->pid == task_tgid_vnr(current) || | ||
9 | - ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) && | ||
10 | + ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && | ||
11 | ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || | ||
12 | uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && | ||
13 | ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || | ||