Diffstat (limited to 'userns-Allow-setting-gid_maps-without-privilege-when.patch')
-rw-r--r-- userns-Allow-setting-gid_maps-without-privilege-when.patch 40
1 files changed, 0 insertions, 40 deletions
diff --git a/userns-Allow-setting-gid_maps-without-privilege-when.patch b/userns-Allow-setting-gid_maps-without-privilege-when.patch
deleted file mode 100644
index 97d3fe69a..000000000
--- a/userns-Allow-setting-gid_maps-without-privilege-when.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: "Eric W. Biederman" <ebiederm@xmission.com>
-Date: Fri, 5 Dec 2014 19:36:04 -0600
-Subject: [PATCH] userns: Allow setting gid_maps without privilege when
- setgroups is disabled
-
-Now that setgroups can be disabled and not reenabled, setting gid_map
-without privielge can now be enabled when setgroups is disabled.
-
-This restores most of the functionality that was lost when unprivileged
-setting of gid_map was removed. Applications that use this functionality
-will need to check to see if they use setgroups or init_groups, and if they
-don't they can be fixed by simply disabling setgroups before writing to
-gid_map.
-
-Cc: stable@vger.kernel.org
-Reviewed-by: Andy Lutomirski <luto@amacapital.net>
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- kernel/user_namespace.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 6e80f4c1322b..a2e37c5d2f63 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -826,6 +826,11 @@ static bool new_idmap_permitted(const struct file *file,
- kuid_t uid = make_kuid(ns->parent, id);
- if (uid_eq(uid, cred->euid))
- return true;
-+ } else if (cap_setid == CAP_SETGID) {
-+ kgid_t gid = make_kgid(ns->parent, id);
-+ if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) &&
-+ gid_eq(gid, cred->egid))
-+ return true;
- }
- }
-
---
-2.1.0
-
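Review bot: the deletion removes a Cc: stable userns patch in full, and nothing in the diff says why; the commit should record that the kernel base being built now carries this change to kernel/user_namespace.c. The removed CAP_SETGID branch in new_idmap_permitted() tests ns->flags against USERNS_SETGROUPS_ALLOWED, which this patch uses but does not define, so it is one piece of a series and the patch that introduces the flag and the setgroups disable has to be dropped in the same step. If the base does not include the change, removing this file takes away the unprivileged gid_map write (own egid, setgroups disabled) that the patch description says it restores, so a quick check for the `else if (cap_setid == CAP_SETGID)` branch in the target tree's new_idmap_permitted() is worth doing before merging.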