From fa34e4b39a0d27086a2e797b637d8a1b1df89784 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Mon, 8 Feb 2016 14:29:42 +0100
Subject: kernel/fs-userns: CVE-2014-4014

Change inode_capable to capable_wrt_inode_uidgid

Fixes privileges escalation in Linux kernel built
with the user namespaces(CONFIG_USER_NS).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
http://www.openwall.com/lists/oss-security/2014/06/10/4

Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id= 2246a472bce19c0d373fb5488a0e612e3328ce0a

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
 recipes-kernel/linux/linux-qoriq_3.12.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'recipes-kernel/linux/linux-qoriq_3.12.bb')

diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb
index 262a6c8..bcf2930 100644
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -35,6 +35,7 @@ SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
     file://udp-CVE-2015-5364_CVE-2015-5366.patch \
     file://net-CVE-2015-2041.patch \
     file://media-CVE-2014-1739.patch \
+    file://fs-userns-CVE-2014-4014.patch \
 "
 SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229"
 
-- 
cgit v1.2.3-54-g00ecf