5 files changed, 10 insertions, 5 deletions

diff --git a/fs/namespace.c b/fs/namespace.c
index c1bbe86f4920..398a50ff2438 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2781,7 +2781,8 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
         struct path root;
 
         if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) ||
-            !nsown_capable(CAP_SYS_CHROOT))
+            !nsown_capable(CAP_SYS_CHROOT) ||
+            !nsown_capable(CAP_SYS_ADMIN))
                 return -EPERM;
 
         if (fs->users != 1)
diff --git a/ipc/namespace.c b/ipc/namespace.c
index cf3386a51de2..7c1fa451b0b0 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -170,7 +170,8 @@ static void ipcns_put(void *ns)
 static int ipcns_install(struct nsproxy *nsproxy, void *new)
 {
         struct ipc_namespace *ns = new;
-        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
+            !nsown_capable(CAP_SYS_ADMIN))
                 return -EPERM;
 
         /* Ditch state from the old ipc namespace */
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 560da0dab230..fdbd0cdf271a 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -325,7 +325,8 @@ static int pidns_install(struct nsproxy *nsproxy, void *ns)
         struct pid_namespace *active = task_active_pid_ns(current);
         struct pid_namespace *ancestor, *new = ns;
 
-        if (!ns_capable(new->user_ns, CAP_SYS_ADMIN))
+        if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) ||
+            !nsown_capable(CAP_SYS_ADMIN))
                 return -EPERM;
 
         /*
diff --git a/kernel/utsname.c b/kernel/utsname.c
index f6336d51d64c..08b197e8c485 100644
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -113,7 +113,8 @@ static int utsns_install(struct nsproxy *nsproxy, void *new)
 {
         struct uts_namespace *ns = new;
 
-        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
+            !nsown_capable(CAP_SYS_ADMIN))
                 return -EPERM;
 
         get_uts_ns(ns);
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 2e9a3132b8dd..8acce01b6dab 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -649,7 +649,8 @@ static int netns_install(struct nsproxy *nsproxy, void *ns)
 {
         struct net *net = ns;
 
-        if (!ns_capable(net->user_ns, CAP_SYS_ADMIN))
+        if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) ||
+            !nsown_capable(CAP_SYS_ADMIN))
                 return -EPERM;
 
         put_net(nsproxy->net_ns);