projects
/
platform
/
kernel
/
linux-starfive.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
nfsd: return error if nfs4_setacl fails
[platform/kernel/linux-starfive.git]
/
fs
/
namespace.c
diff --git
a/fs/namespace.c
b/fs/namespace.c
index
68789f8
..
df137ba
100644
(file)
--- a/
fs/namespace.c
+++ b/
fs/namespace.c
@@
-4238,6
+4238,13
@@
static int build_mount_idmapped(const struct mount_attr *attr, size_t usize,
err = -EPERM;
goto out_fput;
}
+
+ /* We're not controlling the target namespace. */
+ if (!ns_capable(mnt_userns, CAP_SYS_ADMIN)) {
+ err = -EPERM;
+ goto out_fput;
+ }
+
kattr->mnt_userns = get_user_ns(mnt_userns);
out_fput: