Merge tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/ke…

…rnel/git/brauner/linux

Pull set_user()  update from Christian Brauner:
 "This contains a single fix to set_user() which aligns permission
  checks with the corresponding fork() codepath. No one involved in this
  could come up with a reason for the difference.

  A capable caller can already circumvent the check when they fork where
  the permission checks are already for the relevant capabilities in
  addition to also allowing to exceed nproc when it is the init user.

  So apply the same logic to set_user()"

* tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
  set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds

kernel/sys.c

@@ -480,7 +480,8 @@ static int set_user(struct cred *new)
 	 * failure to the execve() stage.
 	 */
 	if (is_ucounts_overlimit(new->ucounts, UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC)) &&
-			new_user != INIT_USER)
+			new_user != INIT_USER &&
+			!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN))
 		current->flags |= PF_NPROC_EXCEEDED;
 	else
 		current->flags &= ~PF_NPROC_EXCEEDED;