Merge 3.9-rc5 into tty-next

We need the fixes here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-04-01 12:01:10 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-04-01 12:01:10 -0700
commit: ef99f3aee9641d10a7c80d4803d2f0f004c797ca (patch)
tree: 83f14ccef66db48fc4178bd8b973462006de86b8 /kernel/user_namespace.c
parent: cb06ff102e2d79a82cf780aa5e6947b2e0529ac0 (diff)
parent: 07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index b14f4d342043..a54f26f82eb2 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -61,6 +61,15 @@ int create_user_ns(struct cred *new)
 	kgid_t group = new->egid;
 	int ret;
 
+	/*
+	 * Verify that we can not violate the policy of which files
+	 * may be accessed that is specified by the root directory,
+	 * by verifing that the root directory is at the root of the
+	 * mount namespace which allows all files to be accessed.
+	 */
+	if (current_chrooted())
+		return -EPERM;
+
 	/* The creator needs a mapping in the parent user namespace
 	 * or else we won't be able to reasonably tell userspace who
 	 * created a user_namespace.
@@ -87,6 +96,8 @@ int create_user_ns(struct cred *new)
 
 	set_cred_user_ns(new, ns);
 
+	update_mnt_policy(ns);
+
 	return 0;
 }
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-04-01 12:01:10 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-04-01 12:01:10 -0700
commit	ef99f3aee9641d10a7c80d4803d2f0f004c797ca (patch)
tree	83f14ccef66db48fc4178bd8b973462006de86b8 /kernel/user_namespace.c
parent	cb06ff102e2d79a82cf780aa5e6947b2e0529ac0 (diff)
parent	07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)