Merge tag 'v3.9-rc5' into next/cleanup

This is a dependency for the mxs/cleanup branch. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
author: Arnd Bergmann 2013-04-09 15:29:20 +0200
committer: Arnd Bergmann 2013-04-09 15:29:43 +0200
commit: 44c0d2377539fafd1023ec7e16765b71c7f4fbce (patch)
tree: 49065c2af83c723f150bf636939790ad3108a897 /ipc/mqueue.c
parent: 8024206dbf4e0701f0cdf259a122ea23db3a7a16 (diff)
parent: 07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index e5c4f609f22c..e4e47f647446 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -330,8 +330,16 @@ static struct dentry *mqueue_mount(struct file_system_type *fs_type,
 			 int flags, const char *dev_name,
 			 void *data)
 {
-	if (!(flags & MS_KERNMOUNT))
-		data = current->nsproxy->ipc_ns;
+	if (!(flags & MS_KERNMOUNT)) {
+		struct ipc_namespace *ns = current->nsproxy->ipc_ns;
+		/* Don't allow mounting unless the caller has CAP_SYS_ADMIN
+		 * over the ipc namespace.
+		 */
+		if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+			return ERR_PTR(-EPERM);
+
+		data = ns;
+	}
 	return mount_ns(fs_type, flags, data, mqueue_fill_super);
 }
 
@@ -840,7 +848,8 @@ out_putfd:
 		fd = error;
 	}
 	mutex_unlock(&root->d_inode->i_mutex);
-	mnt_drop_write(mnt);
+	if (!ro)
+		mnt_drop_write(mnt);
 out_putname:
 	putname(name);
 	return fd;
author	Arnd Bergmann	2013-04-09 15:29:20 +0200
committer	Arnd Bergmann	2013-04-09 15:29:43 +0200
commit	44c0d2377539fafd1023ec7e16765b71c7f4fbce (patch)
tree	49065c2af83c723f150bf636939790ad3108a897 /ipc/mqueue.c
parent	8024206dbf4e0701f0cdf259a122ea23db3a7a16 (diff)
parent	07961ac7c0ee8b546658717034fe692fd12eefa9 (diff)