Skip to content

Commit

Permalink
locks: Don't allow mounts in user namespaces to enable mandatory locking
Browse files Browse the repository at this point in the history 
Since no one uses mandatory locking and files with mandatory locks can
cause problems don't allow them in user namespaces.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
  • Loading branch information
Eric W. Biederman authored and Jeff Layton committed Nov 16, 2015
1 parent 9e8925b commit 95ace75
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/namespace.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1589,7 +1589,7 @@ static inline bool may_mandlock(void)
#ifndef CONFIG_MANDATORY_FILE_LOCKING
return false;
#endif
return true;
return capable(CAP_SYS_ADMIN);
}

/*
Expand Down

0 comments on commit 95ace75

Please sign in to comment.