1 files changed, 30 insertions, 1 deletions

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 6456439cbbd9..2e9a3132b8dd 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -381,6 +381,21 @@ struct net *get_net_ns_by_pid(pid_t pid)
 }
 EXPORT_SYMBOL_GPL(get_net_ns_by_pid);
 
+static __net_init int net_ns_net_init(struct net *net)
+{
+        return proc_alloc_inum(&net->proc_inum);
+}
+
+static __net_exit void net_ns_net_exit(struct net *net)
+{
+        proc_free_inum(net->proc_inum);
+}
+
+static struct pernet_operations __net_initdata net_ns_ops = {
+        .init = net_ns_net_init,
+        .exit = net_ns_net_exit,
+};
+
 static int __init net_ns_init(void)
 {
         struct net_generic *ng;
@@ -412,6 +427,8 @@ static int __init net_ns_init(void)
 
         mutex_unlock(&net_mutex);
 
+        register_pernet_subsys(&net_ns_ops);
+
         return 0;
 }
 
@@ -630,16 +647,28 @@ static void netns_put(void *ns)
 
 static int netns_install(struct nsproxy *nsproxy, void *ns)
 {
+        struct net *net = ns;
+
+        if (!ns_capable(net->user_ns, CAP_SYS_ADMIN))
+                return -EPERM;
+
         put_net(nsproxy->net_ns);
-        nsproxy->net_ns = get_net(ns);
+        nsproxy->net_ns = get_net(net);
         return 0;
 }
 
+static unsigned int netns_inum(void *ns)
+{
+        struct net *net = ns;
+        return net->proc_inum;
+}
+
 const struct proc_ns_operations netns_operations = {
         .name           = "net",
         .type           = CLONE_NEWNET,
         .get            = netns_get,
         .put            = netns_put,
         .install        = netns_install,
+        .inum           = netns_inum,
 };
 #endif