Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
MIME-Version: 1.0
References: <20180729193646.201721-1-toddpoynor@gmail.com> <20180729193646.201721-5-toddpoynor@gmail.com>
 <CAE_wzQ_vRx6BbidM==ryBh0+4t+FHJg4-55XDHJjm1=2VfMDMg@mail.gmail.com>
In-Reply-To: <CAE_wzQ_vRx6BbidM==ryBh0+4t+FHJg4-55XDHJjm1=2VfMDMg@mail.gmail.com>
From:   Todd Poynor <toddpoynor@google.com>
Date:   Mon, 30 Jul 2018 11:02:24 -0700
Message-ID: <CAAW3YpZMb3GkUBZ2ytN+KhUYDZOB44upCmWs2frYQ30RkDCLbA@mail.gmail.com>
Subject: Re: [PATCH 04/13] staging: gasket: core: allow root access based on
 user namespace
To:     Dmitry Torokhov <dtor@chromium.org>
Cc:     "toddpoynor@gmail.com" <toddpoynor@gmail.com>,
        Rob Springer <rspringer@google.com>,
        John Joseph <jnjoseph@google.com>, benchan@chromium.org,
        Greg KH <gregkh@linuxfoundation.org>,
        devel@driverdev.osuosl.org, LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

Hi Dmitry,
On Mon, Jul 30, 2018 at 10:57 AM Dmitry Torokhov <dtor@chromium.org> wrote:
>
> Hi Todd,
>
> On Sun, Jul 29, 2018 at 12:37 PM Todd Poynor <toddpoynor@gmail.com> wrote:
> > @@ -1064,7 +1067,8 @@ static int gasket_open(struct inode *inode, struct file *filp)
> >         char task_name[TASK_COMM_LEN];
> >         struct gasket_cdev_info *dev_info =
> >             container_of(inode->i_cdev, struct gasket_cdev_info, cdev);
> > -       int is_root = capable(CAP_SYS_ADMIN);
> > +       struct pid_namespace *pid_ns = task_active_pid_ns(current);
> > +       int is_root = ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN);
>
> ns_capable() returns bool, why did you make is_root an integer?

Gaah, I forgot to change the type of the existing var.  Will fix, thanks -- Todd

>
> Thanks,
> Dmitry