Merge v3.9-rc5 into char-misc-next

This picks up the fixes in 3.9-rc5 that we need here. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-04-01 10:50:58 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-04-01 10:50:58 -0700
commit: 974857266aae29c371ac2313ab520616335caec9 (patch)
tree: 9c2c67433a2783f29fe1f99cf44380b4fbb725af /kernel/user_namespace.c
parent: 5ed0505c713805f89473cdc0bbfb5110dfd840cb (diff)
parent: 07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index b14f4d342043..a54f26f82eb2 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -61,6 +61,15 @@ int create_user_ns(struct cred *new)
 	kgid_t group = new->egid;
 	int ret;
 
+	/*
+	 * Verify that we can not violate the policy of which files
+	 * may be accessed that is specified by the root directory,
+	 * by verifing that the root directory is at the root of the
+	 * mount namespace which allows all files to be accessed.
+	 */
+	if (current_chrooted())
+		return -EPERM;
+
 	/* The creator needs a mapping in the parent user namespace
 	 * or else we won't be able to reasonably tell userspace who
 	 * created a user_namespace.
@@ -87,6 +96,8 @@ int create_user_ns(struct cred *new)
 
 	set_cred_user_ns(new, ns);
 
+	update_mnt_policy(ns);
+
 	return 0;
 }
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-04-01 10:50:58 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-04-01 10:50:58 -0700
commit	974857266aae29c371ac2313ab520616335caec9 (patch)
tree	9c2c67433a2783f29fe1f99cf44380b4fbb725af /kernel/user_namespace.c
parent	5ed0505c713805f89473cdc0bbfb5110dfd840cb (diff)
parent	07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)