diff options
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index ea3b7b6191c7..7b7268e3073b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -61,6 +61,7 @@ | |||
| 61 | #include <linux/netlink.h> | 61 | #include <linux/netlink.h> |
| 62 | #include <linux/freezer.h> | 62 | #include <linux/freezer.h> |
| 63 | #include <linux/tty.h> | 63 | #include <linux/tty.h> |
| 64 | #include <linux/pid_namespace.h> | ||
| 64 | 65 | ||
| 65 | #include "audit.h" | 66 | #include "audit.h" |
| 66 | 67 | ||
| @@ -588,6 +589,11 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) | |||
| 588 | { | 589 | { |
| 589 | int err = 0; | 590 | int err = 0; |
| 590 | 591 | ||
| 592 | /* Only support the initial namespaces for now. */ | ||
| 593 | if ((current_user_ns() != &init_user_ns) || | ||
| 594 | (task_active_pid_ns(current) != &init_pid_ns)) | ||
| 595 | return -EPERM; | ||
| 596 | |||
| 591 | switch (msg_type) { | 597 | switch (msg_type) { |
| 592 | case AUDIT_GET: | 598 | case AUDIT_GET: |
| 593 | case AUDIT_LIST: | 599 | case AUDIT_LIST: |