From 64416fc6a213f58b36e50c8f36449871c435932d Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman"
Date: Thu, 21 Mar 2013 18:13:15 -0700
Subject: [PATCH] --- yaml --- r: 361883 b: refs/heads/master c: a636b702ed1805e988ad3d8ff8b52c060f8b341c h: refs/heads/master i: 361881: 8a50d3a10d8cc21dcb5c99f0e538fa5d31997e8b 361879: 346a1672573a4d69297f7166559aa3a428d9dbc0 v: v3
---
 [refs] | 2 +-
 trunk/ipc/mqueue.c | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/[refs] b/[refs]
index af45197cf783..5e3707847692 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 132c94e31b8bca8ea921f9f96a57d684fa4ae0a9
+refs/heads/master: a636b702ed1805e988ad3d8ff8b52c060f8b341c
diff --git a/trunk/ipc/mqueue.c b/trunk/ipc/mqueue.c
index e5c4f609f22c..c4ae32ec6c6b 100644
--- a/trunk/ipc/mqueue.c
+++ b/trunk/ipc/mqueue.c
@@ -330,8 +330,16 @@ static struct dentry *mqueue_mount(struct file_system_type *fs_type,
 int flags, const char *dev_name,
 void *data)
 {
- if (!(flags & MS_KERNMOUNT))
- data = current->nsproxy->ipc_ns;
+ if (!(flags & MS_KERNMOUNT)) {
+ struct ipc_namespace *ns = current->nsproxy->ipc_ns;
+ /* Don't allow mounting unless the caller has CAP_SYS_ADMIN
+ * over the ipc namespace.
+ */
+ if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+ return ERR_PTR(-EPERM);
+
+ data = ns;
+ }
 return mount_ns(fs_type, flags, data, mqueue_fill_super);
 }
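Review bot: The comment above the `ns_capable()` call in `mqueue_mount()` restates the check but not why it is made against `ns->user_ns`: `ns_capable()` tests the capability relative to the user namespace that owns the ipc namespace, so being privileged only in the caller's own user namespace does not pass. I would word it as `/* CAP_SYS_ADMIN must be held in the user namespace that owns this ipc namespace; privilege in the caller's own user namespace alone is not sufficient. */`. A short note that the `MS_KERNMOUNT` path skips the check because `data` is then supplied by the in-kernel caller would also help; that caller is outside the hunk, so this is presumed rather than shown. As a style point, kernel convention puts a blank line between the `ns` declaration and the statements that follow it.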