diff options
Diffstat (limited to 'fs/namespace.c')
| -rw-r--r-- | fs/namespace.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 33a75c8e9fcb..a830e1463704 100644 --- a/fs/namespace.c +++ b/fs/namespace.c | |||
| @@ -1584,6 +1584,14 @@ static inline bool may_mount(void) | |||
| 1584 | return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); | 1584 | return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); |
| 1585 | } | 1585 | } |
| 1586 | 1586 | ||
| 1587 | static inline bool may_mandlock(void) | ||
| 1588 | { | ||
| 1589 | #ifndef CONFIG_MANDATORY_FILE_LOCKING | ||
| 1590 | return false; | ||
| 1591 | #endif | ||
| 1592 | return capable(CAP_SYS_ADMIN); | ||
| 1593 | } | ||
| 1594 | |||
| 1587 | /* | 1595 | /* |
| 1588 | * Now umount can handle mount points as well as block devices. | 1596 | * Now umount can handle mount points as well as block devices. |
| 1589 | * This is important for filesystems which use unnamed block devices. | 1597 | * This is important for filesystems which use unnamed block devices. |
| @@ -2676,6 +2684,8 @@ long do_mount(const char *dev_name, const char __user *dir_name, | |||
| 2676 | type_page, flags, data_page); | 2684 | type_page, flags, data_page); |
| 2677 | if (!retval && !may_mount()) | 2685 | if (!retval && !may_mount()) |
| 2678 | retval = -EPERM; | 2686 | retval = -EPERM; |
| 2687 | if (!retval && (flags & MS_MANDLOCK) && !may_mandlock()) | ||
| 2688 | retval = -EPERM; | ||
| 2679 | if (retval) | 2689 | if (retval) |
| 2680 | goto dput_out; | 2690 | goto dput_out; |
| 2681 | 2691 | ||