Merge tag 'v3.9-rc5' into next/cleanup

This is a dependency for the mxs/cleanup branch. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
author: Arnd Bergmann <arnd@arndb.de> 2013-04-09 15:29:20 +0200
committer: Arnd Bergmann <arnd@arndb.de> 2013-04-09 15:29:43 +0200
commit: 44c0d2377539fafd1023ec7e16765b71c7f4fbce (patch)
tree: 49065c2af83c723f150bf636939790ad3108a897 /kernel/user_namespace.c
parent: 8024206dbf4e0701f0cdf259a122ea23db3a7a16 (diff)
parent: 07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)
download: olio-linux-3.10-44c0d2377539fafd1023ec7e16765b71c7f4fbce.tar.xz
olio-linux-3.10-44c0d2377539fafd1023ec7e16765b71c7f4fbce.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index b14f4d34204..a54f26f82eb 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -61,6 +61,15 @@ int create_user_ns(struct cred *new)
 	kgid_t group = new->egid;
 	int ret;
 
+	/*
+	 * Verify that we can not violate the policy of which files
+	 * may be accessed that is specified by the root directory,
+	 * by verifing that the root directory is at the root of the
+	 * mount namespace which allows all files to be accessed.
+	 */
+	if (current_chrooted())
+		return -EPERM;
+
 	/* The creator needs a mapping in the parent user namespace
 	 * or else we won't be able to reasonably tell userspace who
 	 * created a user_namespace.
@@ -87,6 +96,8 @@ int create_user_ns(struct cred *new)
 
 	set_cred_user_ns(new, ns);
 
+	update_mnt_policy(ns);
+
 	return 0;
 }
author	Arnd Bergmann <arnd@arndb.de>	2013-04-09 15:29:20 +0200
committer	Arnd Bergmann <arnd@arndb.de>	2013-04-09 15:29:43 +0200
commit	44c0d2377539fafd1023ec7e16765b71c7f4fbce (patch)
tree	49065c2af83c723f150bf636939790ad3108a897 /kernel/user_namespace.c
parent	8024206dbf4e0701f0cdf259a122ea23db3a7a16 (diff)
parent	07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)
download	olio-linux-3.10-44c0d2377539fafd1023ec7e16765b71c7f4fbce.tar.xz olio-linux-3.10-44c0d2377539fafd1023ec7e16765b71c7f4fbce.zip