userns: Allow unprivileged reboot

In a container with its own pid namespace and user namespace, rebooting the system won't reboot the host, but terminate all the processes in it and thus have the container shutdown, so it's safe. Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Li Zefan <lizefan@huawei.com> 2012-12-27 11:39:12 +0800
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-12-26 20:29:30 -0800
commit: 923c7538236564c46ee80c253a416705321f13e3 (patch)
tree: d57765040dc118a83f2a7c8892b1d9f051d4c5ff
parent: 48c6d1217e3dc743e7d3ad9b9def8d4810d13a85 (diff)
download: user-namespace-923c7538236564c46ee80c253a416705321f13e3.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index 265b3769042189..24d1ef56cd95aa 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -433,11 +433,12 @@ static DEFINE_MUTEX(reboot_mutex);
 SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
 		void __user *, arg)
 {
+	struct pid_namespace *pid_ns = task_active_pid_ns(current);
 	char buffer[256];
 	int ret = 0;
 
 	/* We only trust the superuser with rebooting the system. */
-	if (!capable(CAP_SYS_BOOT))
+	if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT))
 		return -EPERM;
 
 	/* For safety, we require "magic" arguments. */
@@ -453,7 +454,7 @@ SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
 	 * pid_namespace, the command is handled by reboot_pid_ns() which will
 	 * call do_exit().
 	 */
-	ret = reboot_pid_ns(task_active_pid_ns(current), cmd);
+	ret = reboot_pid_ns(pid_ns, cmd);
 	if (ret)
 		return ret;
author	Li Zefan <lizefan@huawei.com>	2012-12-27 11:39:12 +0800
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-12-26 20:29:30 -0800
commit	923c7538236564c46ee80c253a416705321f13e3 (patch)
tree	d57765040dc118a83f2a7c8892b1d9f051d4c5ff
parent	48c6d1217e3dc743e7d3ad9b9def8d4810d13a85 (diff)
download	user-namespace-923c7538236564c46ee80c253a416705321f13e3.tar.gz