path: root/kernel/uid16.c
diff options
authorEric W. Biederman <>2014-12-05 17:19:27 -0600
committerEric W. Biederman <>2014-12-05 17:19:27 -0600
commit7ff4d90b4c24a03666f296c3d4878cd39001e81e (patch)
tree757293c98c93eec1c5b7caae149c34e49bb824c5 /kernel/uid16.c
parent4fed655c410cc56add64c7b1f7c85c7c56066ac2 (diff)
groups: Consolidate the setgroups permission checks
Today there are 3 instances of setgroups and due to an oversight their permission checking has diverged. Add a common function so that they may all share the same permission checking code. This corrects the current oversight in the current permission checks and adds a helper to avoid this in the future. A user namespace security fix will update this new helper, shortly. Cc: Signed-off-by: "Eric W. Biederman" <>
Diffstat (limited to 'kernel/uid16.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/uid16.c b/kernel/uid16.c
index 602e5bbbceff..d58cc4d8f0d1 100644
--- a/kernel/uid16.c
+++ b/kernel/uid16.c
@@ -176,7 +176,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist)
struct group_info *group_info;
int retval;
- if (!ns_capable(current_user_ns(), CAP_SETGID))
+ if (!may_setgroups())
return -EPERM;
if ((unsigned)gidsetsize > NGROUPS_MAX)
return -EINVAL;