groups: Consolidate the setgroups permission checks

[firefly-linux-kernel-4.4.55.git] / kernel / groups.c

diff --git a/kernel/groups.c b/kernel/groups.c
index 6b2588dd04ff20fb89995394f9c530a2613fbb83..984bb629c68cfc1687bc2f84295016c170e7aeb0 100644 (file)
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -223,6 +223,13 @@ out:
        return i;
 }
 
+bool may_setgroups(void)
+{
+       struct user_namespace *user_ns = current_user_ns();
+
+       return ns_capable(user_ns, CAP_SETGID);
+}
+
 /*
  *     SMP: Our groups are copy-on-write. We can set them safely
  *     without another task interfering.
@@ -233,7 +240,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
        struct group_info *group_info;
        int retval;
 
-       if (!nsown_capable(CAP_SETGID))
+       if (!may_setgroups())
                return -EPERM;
        if ((unsigned)gidsetsize > NGROUPS_MAX)
                return -EINVAL;