projects / cascardo / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
netfilter: Set /proc/net entries owner to root in namespace
[cascardo/linux.git] / net / netfilter / nf_conntrack_expect.c
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index acf5c7b..278927a 100644 (file)
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -596,11 +596,18 @@ static int exp_proc_init(struct net *net)
 {
 #ifdef CONFIG_NF_CONNTRACK_PROCFS
        struct proc_dir_entry *proc;
+       kuid_t root_uid;
+       kgid_t root_gid;
 
        proc = proc_create("nf_conntrack_expect", 0440, net->proc_net,
                           &exp_file_ops);
        if (!proc)
                return -ENOMEM;
+
+       root_uid = make_kuid(net->user_ns, 0);
+       root_gid = make_kgid(net->user_ns, 0);
+       if (uid_valid(root_uid) && gid_valid(root_gid))
+               proc_set_user(proc, root_uid, root_gid);
 #endif /* CONFIG_NF_CONNTRACK_PROCFS */
        return 0;
 }
Unnamed repository; edit this file 'description' to name the repository.