authorRahat Mahmood <rahat@google.com>2018-05-17 15:37:19 -0700
committerShentubot <shentubot@google.com>2018-05-17 15:38:11 -0700
commitb904250b862c5c14da84e08b6a5400c7bf2458b0 (patch)
treec6365aa58237dda6602b358acdc11f39c4eecb67 /pkg/sentry/kernel/ipc_namespace.go
parent8878a66a565733493e702199b284cd7855f80bf0 (diff)
Fix capability check for sysv semaphores.
Capabilities for sysv sem operations were being checked against the current task's user namespace. They should be checked against the user namespace owning the ipc namespace for the sems instead, per ipc/util.c:ipcperms(). PiperOrigin-RevId: 197063111 Change-Id: Iba29486b316f2e01ee331dda4e48a6ab7960d589
Diffstat (limited to 'pkg/sentry/kernel/ipc_namespace.go')
-rw-r--r--pkg/sentry/kernel/ipc_namespace.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/kernel/ipc_namespace.go b/pkg/sentry/kernel/ipc_namespace.go
index 3049fead4..a86bda77b 100644
--- a/pkg/sentry/kernel/ipc_namespace.go
+++ b/pkg/sentry/kernel/ipc_namespace.go
@@ -33,7 +33,7 @@ type IPCNamespace struct {
func NewIPCNamespace(userNS *auth.UserNamespace) *IPCNamespace {
return &IPCNamespace{
userNS: userNS,
- semaphores: semaphore.NewRegistry(),
+ semaphores: semaphore.NewRegistry(userNS),
shms: shm.NewRegistry(userNS),
}
}
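Review bot: Nothing at the `semaphores:` and `shms:` lines in NewIPCNamespace records that `userNS` is the namespace the registries check capabilities against, which is the invariant this fix restores. A short comment above the struct literal would stop a later refactor from reverting to the caller's namespace, for example `// Registries check capabilities (e.g. CAP_IPC_OWNER) against userNS, the owner of this IPC namespace, not the calling task's user namespace.` The function's doc comment, if it has one, sits above the hunk and is not visible here. The page is limited to this file, so it is not possible to tell whether the commit adds a regression test. A test in which a task holds the capability only in a child user namespace and is denied access to a semaphore set owned by the parent would pin the behaviour.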