diff options
Diffstat (limited to 'fs/namespace.c')
| -rw-r--r-- | fs/namespace.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 8505b5ece5de..968d4c5eae03 100644 --- a/fs/namespace.c +++ b/fs/namespace.c | |||
| @@ -798,6 +798,10 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root, | |||
| 798 | } | 798 | } |
| 799 | 799 | ||
| 800 | mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD; | 800 | mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD; |
| 801 | /* Don't allow unprivileged users to change mount flags */ | ||
| 802 | if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY)) | ||
| 803 | mnt->mnt.mnt_flags |= MNT_LOCK_READONLY; | ||
| 804 | |||
| 801 | atomic_inc(&sb->s_active); | 805 | atomic_inc(&sb->s_active); |
| 802 | mnt->mnt.mnt_sb = sb; | 806 | mnt->mnt.mnt_sb = sb; |
| 803 | mnt->mnt.mnt_root = dget(root); | 807 | mnt->mnt.mnt_root = dget(root); |
| @@ -2342,7 +2346,7 @@ static struct mnt_namespace *dup_mnt_ns(struct mnt_namespace *mnt_ns, | |||
| 2342 | /* First pass: copy the tree topology */ | 2346 | /* First pass: copy the tree topology */ |
| 2343 | copy_flags = CL_COPY_ALL | CL_EXPIRE; | 2347 | copy_flags = CL_COPY_ALL | CL_EXPIRE; |
| 2344 | if (user_ns != mnt_ns->user_ns) | 2348 | if (user_ns != mnt_ns->user_ns) |
| 2345 | copy_flags |= CL_SHARED_TO_SLAVE; | 2349 | copy_flags |= CL_SHARED_TO_SLAVE | CL_UNPRIVILEGED; |
| 2346 | new = copy_tree(old, old->mnt.mnt_root, copy_flags); | 2350 | new = copy_tree(old, old->mnt.mnt_root, copy_flags); |
| 2347 | if (IS_ERR(new)) { | 2351 | if (IS_ERR(new)) { |
| 2348 | up_write(&namespace_sem); | 2352 | up_write(&namespace_sem); |