From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 3 Sep 2020 17:00:52 +0000 (+0200)
Subject: netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=0c92411bb81de9bc516d6924f50289d8d5f880e5;p=linux.git

netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid

... instead of using init_user_ns.

Fixes: 96518518cc41 ("netfilter: add nftables")
Tested-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 7bc6537f3ccb5..b37bd02448d8c 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -147,11 +147,11 @@ nft_meta_get_eval_skugid(enum nft_meta_keys key,
 
 	switch (key) {
 	case NFT_META_SKUID:
-		*dest = from_kuid_munged(&init_user_ns,
+		*dest = from_kuid_munged(sock_net(sk)->user_ns,
 					 sock->file->f_cred->fsuid);
 		break;
 	case NFT_META_SKGID:
-		*dest =	from_kgid_munged(&init_user_ns,
+		*dest =	from_kgid_munged(sock_net(sk)->user_ns,
 					 sock->file->f_cred->fsgid);
 		break;
 	default: