summaryrefslogtreecommitdiffstats
path: root/fs/namespace.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2015-11-12 00:22:33 +0100
committerJeff Layton <jeff.layton@primarydata.com>2015-11-16 16:01:34 +0100
commit95ace75414f312f9a7b93d873f386987b92a5301 (patch)
tree90ed4c98c2ac53a928050ec322e7e644401c2fc5 /fs/namespace.c
parentlocks: Allow disabling mandatory locking at compile time (diff)
downloadlinux-95ace75414f312f9a7b93d873f386987b92a5301.tar.xz
linux-95ace75414f312f9a7b93d873f386987b92a5301.zip
locks: Don't allow mounts in user namespaces to enable mandatory locking
Since no one uses mandatory locking and files with mandatory locks can cause problems don't allow them in user namespaces. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Diffstat (limited to 'fs/namespace.c')
-rw-r--r--fs/namespace.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 4219885e9681..4d2c8f64b7bf 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1589,7 +1589,7 @@ static inline bool may_mandlock(void)
#ifndef CONFIG_MANDATORY_FILE_LOCKING
return false;
#endif
- return true;
+ return capable(CAP_SYS_ADMIN);
}
/*