dtrace: use the current user namespace for DIF_VAR_[UG]ID lookups

These lookups are not used for authentication, but rather are passed back
to DTrace itself: it seems reasonable that in this case the user would expect
them to be relative to the user namespace of the current process.

Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
Acked-by: Kris Van Hees <kris.van.hees@oracle.com>

diff --git a/dtrace/dtrace_dif.c b/dtrace/dtrace_dif.c
index 5d6468e8d9ddddccc87035297d1019ae8a3c5126..cb700dcf72e08116346389dac73b221b927c8e15 100644 (file)
--- a/dtrace/dtrace_dif.c
+++ b/dtrace/dtrace_dif.c
@@ -2286,7 +2286,8 @@ static uint64_t dtrace_dif_variable(dtrace_mstate_t *mstate,
                 * Additionally, it is safe to dereference one's own process
                 * credential, since this is never NULL after process birth.
                 */
-               return (uint64_t)from_kuid(NULL, current_real_cred()->uid);
+               return (uint64_t)from_kuid(current_user_ns(),
+                                          current_real_cred()->uid);
 
        case DIF_VAR_GID:
                if (!dtrace_priv_proc(state))
@@ -2299,7 +2300,8 @@ static uint64_t dtrace_dif_variable(dtrace_mstate_t *mstate,
                 * Additionally, it is safe to dereference one's own process
                 * credential, since this is never NULL after process birth.
                 */
-               return (uint64_t)from_kgid(NULL, current_real_cred()->gid);
+               return (uint64_t)from_kgid(current_user_ns(),
+                                          current_real_cred()->gid);
 
        case DIF_VAR_ERRNO: {
                int64_t arg0;