diff options
Diffstat (limited to 'ipc/mqueue.c')
| -rw-r--r-- | ipc/mqueue.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index e5c4f609f22c..e4e47f647446 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
| @@ -330,8 +330,16 @@ static struct dentry *mqueue_mount(struct file_system_type *fs_type, | |||
| 330 | int flags, const char *dev_name, | 330 | int flags, const char *dev_name, |
| 331 | void *data) | 331 | void *data) |
| 332 | { | 332 | { |
| 333 | if (!(flags & MS_KERNMOUNT)) | 333 | if (!(flags & MS_KERNMOUNT)) { |
| 334 | data = current->nsproxy->ipc_ns; | 334 | struct ipc_namespace *ns = current->nsproxy->ipc_ns; |
| 335 | /* Don't allow mounting unless the caller has CAP_SYS_ADMIN | ||
| 336 | * over the ipc namespace. | ||
| 337 | */ | ||
| 338 | if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) | ||
| 339 | return ERR_PTR(-EPERM); | ||
| 340 | |||
| 341 | data = ns; | ||
| 342 | } | ||
| 335 | return mount_ns(fs_type, flags, data, mqueue_fill_super); | 343 | return mount_ns(fs_type, flags, data, mqueue_fill_super); |
| 336 | } | 344 | } |
| 337 | 345 | ||
| @@ -840,7 +848,8 @@ out_putfd: | |||
| 840 | fd = error; | 848 | fd = error; |
| 841 | } | 849 | } |
| 842 | mutex_unlock(&root->d_inode->i_mutex); | 850 | mutex_unlock(&root->d_inode->i_mutex); |
| 843 | mnt_drop_write(mnt); | 851 | if (!ro) |
| 852 | mnt_drop_write(mnt); | ||
| 844 | out_putname: | 853 | out_putname: |
| 845 | putname(name); | 854 | putname(name); |
| 846 | return fd; | 855 | return fd; |