author | David S. Miller <davem@davemloft.net> | 2013-04-01 13:36:50 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-04-01 13:36:50 -0400 |
commit | a210576cf891e9e6d2c238eabcf5c1286b1e7526 (patch) | |
tree | 0fa81a901cf628b25e6ee79057700cf39e59818a /kernel/user_namespace.c | |
parent | 7d4c04fc170087119727119074e72445f2bb192b (diff) | |
parent | 3658f3604066d5500ebd73a04084f127dc779441 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Conflicts:
	net/mac80211/sta_info.c
	net/wireless/core.h

Two minor conflicts in wireless. Overlapping additions of extern
declarations in net/wireless/core.h and a bug fix overlapping with
the addition of a boolean parameter to __ieee80211_key_free().

Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/user_namespace.c')
-rw-r--r-- | kernel/user_namespace.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index b14f4d34204..a54f26f82eb 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -61,6 +61,15 @@ int create_user_ns(struct cred *new) kgid_t group = new->egid; int ret; + /* + * Verify that we can not violate the policy of which files + * may be accessed that is specified by the root directory, + * by verifing that the root directory is at the root of the + * mount namespace which allows all files to be accessed. + */ + if (current_chrooted()) + return -EPERM; + /* The creator needs a mapping in the parent user namespace * or else we won't be able to reasonably tell userspace who * created a user_namespace. @@ -87,6 +96,8 @@ int create_user_ns(struct cred *new) set_cred_user_ns(new, ns); + update_mnt_policy(ns); + return 0; } |
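Review bot: In the first hunk (@@ -61,6 +61,15 @@), the comment above the current_chrooted() check is hard to parse and contains a typo ("verifing"); it takes several readings to see that the rule is simply "a chrooted caller may not create a user namespace". Suggest stating that rule in the first sentence and the reason in the second, for example "Refuse to create a user namespace when the caller is chrooted, since the root directory expresses a policy on which files may be accessed." Placing the check before the other checks in create_user_ns() is good because the early return needs no cleanup. The new -EPERM is a user-visible failure condition for anything that reaches create_user_ns(), so it should also be described in the corresponding user-facing documentation.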
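Review bot: In the second hunk (@@ -87,6 +96,8 @@), update_mnt_policy(ns) is added after set_cred_user_ns(new, ns) with no comment, and its result is not used before the unconditional return 0. Nothing in this file-limited diff shows what the function does, whether it can fail, or whether it depends on being called after the credentials have been switched to the new namespace. Please add a one-line comment at the call site saying which mount policy is being recorded for the new namespace and why it happens at this point, so the ordering is not accidentally changed later.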