From bdae6fc950857b4533bd05444b72fd3eff5ecc67 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Mon, 10 Sep 2012 23:20:20 -0700
Subject: [PATCH] --- yaml --- r: 327249 b: refs/heads/master c:
 34e36d8ecbd958bc15f8e63deade1227de337eb1 h: refs/heads/master i:   327247:
 a78b84fd369785e7810e0669b8aba8267ac9d330 v: v3

---
 [refs]               | 2 +-
 trunk/kernel/audit.c | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 8f6a216acead..760f56276e86 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: c6089735e7243a10faad676680c6e18d50959f74
+refs/heads/master: 34e36d8ecbd958bc15f8e63deade1227de337eb1
diff --git a/trunk/kernel/audit.c b/trunk/kernel/audit.c
index ea3b7b6191c7..7b7268e3073b 100644
--- a/trunk/kernel/audit.c
+++ b/trunk/kernel/audit.c
@@ -61,6 +61,7 @@
 #include <linux/netlink.h>
 #include <linux/freezer.h>
 #include <linux/tty.h>
+#include <linux/pid_namespace.h>
 
 #include "audit.h"
 
@@ -588,6 +589,11 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 {
 	int err = 0;
 
+	/* Only support the initial namespaces for now. */
+	if ((current_user_ns() != &init_user_ns) ||
+	    (task_active_pid_ns(current) != &init_pid_ns))
+		return -EPERM;
+
 	switch (msg_type) {
 	case AUDIT_GET:
 	case AUDIT_LIST: