1 files changed, 15 insertions, 0 deletions

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 8b650837083e..a54f26f82eb2 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -21,6 +21,7 @@
 #include <linux/uaccess.h>
 #include <linux/ctype.h>
 #include <linux/projid.h>
+#include <linux/fs_struct.h>
 
 static struct kmem_cache *user_ns_cachep __read_mostly;
 
@@ -60,6 +61,15 @@ int create_user_ns(struct cred *new)
         kgid_t group = new->egid;
         int ret;
 
+        /*
+         * Verify that we can not violate the policy of which files
+         * may be accessed that is specified by the root directory,
+         * by verifing that the root directory is at the root of the
+         * mount namespace which allows all files to be accessed.
+         */
+        if (current_chrooted())
+                return -EPERM;
+
         /* The creator needs a mapping in the parent user namespace
          * or else we won't be able to reasonably tell userspace who
          * created a user_namespace.
@@ -86,6 +96,8 @@ int create_user_ns(struct cred *new)
 
         set_cred_user_ns(new, ns);
 
+        update_mnt_policy(ns);
+
         return 0;
 }
 
@@ -837,6 +849,9 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
         if (atomic_read(&current->mm->mm_users) > 1)
                 return -EINVAL;
 
+        if (current->fs->users != 1)
+                return -EINVAL;
+
         if (!ns_capable(user_ns, CAP_SYS_ADMIN))
                 return -EPERM;