Quoting Serge E. Hallyn (se...@hallyn.com): > Signed-off-by: Serge E. Hallyn <serge.hal...@canonical.com> > --- > kernel/sys.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/kernel/sys.c b/kernel/sys.c > index 2745dcd..9b9b03b 100644 > --- a/kernel/sys.c > +++ b/kernel/sys.c > @@ -1171,7 +1171,7 @@ SYSCALL_DEFINE2(sethostname, char __user *, name, int, > len) > int errno; > char tmp[__NEW_UTS_LEN]; > > - if (!capable(CAP_SYS_ADMIN)) > + if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) > return -EPERM; > if (len < 0 || len > __NEW_UTS_LEN) > return -EINVAL; > -- > 1.7.0.4
An interesting note here is that since the task doing ns_exec (and therefore in the init_user_ns) requires CAP_SYS_ADMIN to unshare, this check will actually always be true if uts_ns was not unshared. If uts is unshared, then regular capabilities semantics in the child user_ns apply (that is, root can do sethostname, unpriv user cannot) The intent is that user namespaces will eventually allow unprivileged users to unshare, after which this will make much more sense. -serge _______________________________________________ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
