diff options
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/mqueue.c | 20 | ||||
| -rw-r--r-- | ipc/namespace.c | 5 |
2 files changed, 12 insertions, 13 deletions
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index ade739f67f1d..0b13ace266f2 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
| @@ -305,8 +305,9 @@ err: | |||
| 305 | static int mqueue_fill_super(struct super_block *sb, void *data, int silent) | 305 | static int mqueue_fill_super(struct super_block *sb, void *data, int silent) |
| 306 | { | 306 | { |
| 307 | struct inode *inode; | 307 | struct inode *inode; |
| 308 | struct ipc_namespace *ns = data; | 308 | struct ipc_namespace *ns = sb->s_fs_info; |
| 309 | 309 | ||
| 310 | sb->s_iflags |= SB_I_NOEXEC | SB_I_NODEV; | ||
| 310 | sb->s_blocksize = PAGE_SIZE; | 311 | sb->s_blocksize = PAGE_SIZE; |
| 311 | sb->s_blocksize_bits = PAGE_SHIFT; | 312 | sb->s_blocksize_bits = PAGE_SHIFT; |
| 312 | sb->s_magic = MQUEUE_MAGIC; | 313 | sb->s_magic = MQUEUE_MAGIC; |
| @@ -326,17 +327,14 @@ static struct dentry *mqueue_mount(struct file_system_type *fs_type, | |||
| 326 | int flags, const char *dev_name, | 327 | int flags, const char *dev_name, |
| 327 | void *data) | 328 | void *data) |
| 328 | { | 329 | { |
| 329 | if (!(flags & MS_KERNMOUNT)) { | 330 | struct ipc_namespace *ns; |
| 330 | struct ipc_namespace *ns = current->nsproxy->ipc_ns; | 331 | if (flags & MS_KERNMOUNT) { |
| 331 | /* Don't allow mounting unless the caller has CAP_SYS_ADMIN | 332 | ns = data; |
| 332 | * over the ipc namespace. | 333 | data = NULL; |
| 333 | */ | 334 | } else { |
| 334 | if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) | 335 | ns = current->nsproxy->ipc_ns; |
| 335 | return ERR_PTR(-EPERM); | ||
| 336 | |||
| 337 | data = ns; | ||
| 338 | } | 336 | } |
| 339 | return mount_ns(fs_type, flags, data, mqueue_fill_super); | 337 | return mount_ns(fs_type, flags, data, ns, ns->user_ns, mqueue_fill_super); |
| 340 | } | 338 | } |
| 341 | 339 | ||
| 342 | static void init_once(void *foo) | 340 | static void init_once(void *foo) |
diff --git a/ipc/namespace.c b/ipc/namespace.c index 068caf18d565..04cb07eb81f1 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c | |||
| @@ -34,8 +34,11 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, | |||
| 34 | ns->ns.ops = &ipcns_operations; | 34 | ns->ns.ops = &ipcns_operations; |
| 35 | 35 | ||
| 36 | atomic_set(&ns->count, 1); | 36 | atomic_set(&ns->count, 1); |
| 37 | ns->user_ns = get_user_ns(user_ns); | ||
| 38 | |||
| 37 | err = mq_init_ns(ns); | 39 | err = mq_init_ns(ns); |
| 38 | if (err) { | 40 | if (err) { |
| 41 | put_user_ns(ns->user_ns); | ||
| 39 | ns_free_inum(&ns->ns); | 42 | ns_free_inum(&ns->ns); |
| 40 | kfree(ns); | 43 | kfree(ns); |
| 41 | return ERR_PTR(err); | 44 | return ERR_PTR(err); |
| @@ -46,8 +49,6 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, | |||
| 46 | msg_init_ns(ns); | 49 | msg_init_ns(ns); |
| 47 | shm_init_ns(ns); | 50 | shm_init_ns(ns); |
| 48 | 51 | ||
| 49 | ns->user_ns = get_user_ns(user_ns); | ||
| 50 | |||
| 51 | return ns; | 52 | return ns; |
| 52 | } | 53 | } |
| 53 | 54 | ||