Merge remote-tracking branch 'hid/for-next'

[karo-tx-linux.git] / kernel / user_namespace.c

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 4109f8320684a81af4cd9d0c7262f83812c300f2..88fefa68c5164c88e5ec2487c942b15e3914666b 100644 (file)
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -39,6 +39,7 @@ static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
        cred->cap_inheritable = CAP_EMPTY_SET;
        cred->cap_permitted = CAP_FULL_SET;
        cred->cap_effective = CAP_FULL_SET;
+       cred->cap_ambient = CAP_EMPTY_SET;
        cred->cap_bset = CAP_FULL_SET;
 #ifdef CONFIG_KEYS
        key_put(cred->request_key_auth);
@@ -976,8 +977,8 @@ static int userns_install(struct nsproxy *nsproxy, struct ns_common *ns)
        if (user_ns == current_user_ns())
                return -EINVAL;
 
-       /* Threaded processes may not enter a different user namespace */
-       if (atomic_read(&current->mm->mm_users) > 1)
+       /* Tasks that share a thread group must share a user namespace */
+       if (!thread_group_empty(current))
                return -EINVAL;
 
        if (current->fs->users != 1)