locks: Don't allow mounts in user namespaces to enable mandatory locking

Since no one uses mandatory locking and files with mandatory locks can cause problems don't allow them in user namespaces. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2015-11-11 18:22:33 -0500
committer: Jeff Layton <jeff.layton@primarydata.com> 2015-11-16 10:01:34 -0500
commit: 95ace75414f312f9a7b93d873f386987b92a5301 (patch)
tree: 90ed4c98c2ac53a928050ec322e7e644401c2fc5
parent: 9e8925b67a809bb27ce4b7d352d67f25cf1d7fc5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 4219885e9681..4d2c8f64b7bf 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1589,7 +1589,7 @@ static inline bool may_mandlock(void)
 #ifndef CONFIG_MANDATORY_FILE_LOCKING
        return false;
 #endif
-        return true;
+        return capable(CAP_SYS_ADMIN);
 }
 /*
author	Eric W. Biederman <ebiederm@xmission.com>	2015-11-11 18:22:33 -0500
committer	Jeff Layton <jeff.layton@primarydata.com>	2015-11-16 10:01:34 -0500
commit	95ace75414f312f9a7b93d873f386987b92a5301 (patch)
tree	90ed4c98c2ac53a928050ec322e7e644401c2fc5
parent	9e8925b67a809bb27ce4b7d352d67f25cf1d7fc5 (diff)

diff --git a/fs/namespace.c b/fs/namespace.c index 4219885e9681..4d2c8f64b7bf 100644 --- a/fs/namespace.c +++ b/fs/namespace.c
@@ -1589,7 +1589,7 @@ static inline bool may_mandlock(void)
1589	#ifndef CONFIG_MANDATORY_FILE_LOCKING	1589	#ifndef CONFIG_MANDATORY_FILE_LOCKING
1590	return false;	1590	return false;
1591	#endif	1591	#endif
1592	return true;	1592	return capable(CAP_SYS_ADMIN);
1593	}	1593	}
1594		1594
1595	/*	1595	/*