userns: Handle -1 in k[ug]id_has_mapping when !CONFIG_USER_NS

Refuse to admit any user namespace has a mapping of the INVALID_UID
and the INVALID_GID when !CONFIG_USER_NS.

Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
index 03835522dfcb68ab830a9d38768c374a99ec131d..25e9d92163408c38eba7e08d26f508c4335c49de 100644 (file)
--- a/include/linux/uidgid.h
+++ b/include/linux/uidgid.h
@@ -177,12 +177,12 @@ static inline gid_t from_kgid_munged(struct user_namespace *to, kgid_t kgid)
 
 static inline bool kuid_has_mapping(struct user_namespace *ns, kuid_t uid)
 {
-       return true;
+       return uid_valid(uid);
 }
 
 static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
 {
-       return true;
+       return gid_valid(gid);
 }
 
 #endif /* CONFIG_USER_NS */