userns: Handle -1 in k[ug]id_has_mapping when !CONFIG_USER_NS

ebiederm · ebiederm · commit 37b11804ed17 · 2016-06-30T18:04:36.000-05:00
Refuse to admit any user namespace has a mapping of the INVALID_UID
and the INVALID_GID when !CONFIG_USER_NS.

Acked-by: Seth Forshee &lt;seth.forshee@canonical.com&gt;
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
@@ -177,12 +177,12 @@ static inline gid_t from_kgid_munged(struct user_namespace *to, kgid_t kgid)
 
 static inline bool kuid_has_mapping(struct user_namespace *ns, kuid_t uid)
 {
-	return true;
+	return uid_valid(uid);
 }
 
 static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
 {
-	return true;
+	return gid_valid(gid);
 }
 
 #endif /* CONFIG_USER_NS */

Original file line number	Diff line number	Diff line change
`@@ -177,12 +177,12 @@ static inline gid_t from_kgid_munged(struct user_namespace *to, kgid_t kgid)`
`177`	`177`
`178`	`178`	`static inline bool kuid_has_mapping(struct user_namespace *ns, kuid_t uid)`
`179`	`179`	`{`
`180`		`- return true;`
	`180`	`+ return uid_valid(uid);`
`181`	`181`	`}`
`182`	`182`
`183`	`183`	`static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)`
`184`	`184`	`{`
`185`		`- return true;`
	`185`	`+ return gid_valid(gid);`
`186`	`186`	`}`
`187`	`187`
`188`	`188`	`#endif /* CONFIG_USER_NS */`