diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2015-11-11 17:22:33 -0600 |
---|---|---|
committer | Jeff Layton <jeff.layton@primarydata.com> | 2015-11-16 10:01:34 -0500 |
commit | 95ace75414f312f9a7b93d873f386987b92a5301 (patch) | |
tree | 90ed4c98c2ac53a928050ec322e7e644401c2fc5 /fs/namespace.c | |
parent | 9e8925b67a809bb27ce4b7d352d67f25cf1d7fc5 (diff) | |
download | op-kernel-dev-95ace75414f312f9a7b93d873f386987b92a5301.zip op-kernel-dev-95ace75414f312f9a7b93d873f386987b92a5301.tar.gz |
locks: Don't allow mounts in user namespaces to enable mandatory locking
Since no one uses mandatory locking and files with mandatory locks can
cause problems don't allow them in user namespaces.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Diffstat (limited to 'fs/namespace.c')
-rw-r--r-- | fs/namespace.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 4219885..4d2c8f64 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1589,7 +1589,7 @@ static inline bool may_mandlock(void) #ifndef CONFIG_MANDATORY_FILE_LOCKING return false; #endif - return true; + return capable(CAP_SYS_ADMIN); } /* |