diff --git a/[refs] b/[refs]
index 8f6a216acead..760f56276e86 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: c6089735e7243a10faad676680c6e18d50959f74
+refs/heads/master: 34e36d8ecbd958bc15f8e63deade1227de337eb1
diff --git a/trunk/kernel/audit.c b/trunk/kernel/audit.c
index ea3b7b6191c7..7b7268e3073b 100644
--- a/trunk/kernel/audit.c
+++ b/trunk/kernel/audit.c
@@ -61,6 +61,7 @@
 #include <linux/netlink.h>
 #include <linux/freezer.h>
 #include <linux/tty.h>
+#include <linux/pid_namespace.h>
 
 #include "audit.h"
 
@@ -588,6 +589,11 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 {
 	int err = 0;
 
+	/* Only support the initial namespaces for now. */
+	if ((current_user_ns() != &init_user_ns) ||
+	    (task_active_pid_ns(current) != &init_pid_ns))
+		return -EPERM;
+
 	switch (msg_type) {
 	case AUDIT_GET:
 	case AUDIT_LIST: