X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=kernel%2Fuser_namespace.c;h=a54f26f82eb250a60c7f24ecc651c6c1bbf8cc88;hb=4c82456eeb4da081dd63dc69e91aa6deabd29e03;hp=b14f4d3420439ca629be08494ef417e734513499;hpb=f8966048c128eff4f57f7c9e7f71360ebd10e1a9;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index b14f4d3..a54f26f 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -61,6 +61,15 @@ int create_user_ns(struct cred *new)
 	kgid_t group = new->egid;
 	int ret;
 
+	/*
+	 * Verify that we can not violate the policy of which files
+	 * may be accessed that is specified by the root directory,
+	 * by verifing that the root directory is at the root of the
+	 * mount namespace which allows all files to be accessed.
+	 */
+	if (current_chrooted())
+		return -EPERM;
+
 	/* The creator needs a mapping in the parent user namespace
 	 * or else we won't be able to reasonably tell userspace who
 	 * created a user_namespace.
@@ -87,6 +96,8 @@ int create_user_ns(struct cred *new)
 
 	set_cred_user_ns(new, ns);
 
+	update_mnt_policy(ns);
+
 	return 0;
 }