diff options
Diffstat (limited to 'kernel/groups.c')
| -rw-r--r-- | kernel/groups.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/kernel/groups.c b/kernel/groups.c index 451698f86cfa..02d8a251c476 100644 --- a/kernel/groups.c +++ b/kernel/groups.c @@ -213,6 +213,13 @@ out: return i; } +bool may_setgroups(void) +{ + struct user_namespace *user_ns = current_user_ns(); + + return ns_capable(user_ns, CAP_SETGID); +} + /* * SMP: Our groups are copy-on-write. We can set them safely * without another task interfering. @@ -223,7 +230,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist) struct group_info *group_info; int retval; - if (!ns_capable(current_user_ns(), CAP_SETGID)) + if (!may_setgroups()) return -EPERM; if ((unsigned)gidsetsize > NGROUPS_MAX) return -EINVAL; |
