locks: Don't allow mounts in user namespaces to enable mandatory locking Since no one uses mandatory locking and files with mandatory locks can cause problems don't allow them in user namespaces. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>

commit: 95ace75414f312f9a7b93d873f386987b92a5301 [log] [tgz]
author: Eric W. Biederman <ebiederm@xmission.com> Wed Nov 11 17:22:33 2015 -0600
committer: Jeff Layton <jeff.layton@primarydata.com> Mon Nov 16 10:01:34 2015 -0500
tree: 90ed4c98c2ac53a928050ec322e7e644401c2fc5
parent: 9e8925b67a809bb27ce4b7d352d67f25cf1d7fc5 [diff] [blame]
diff --git a/fs/namespace.c b/fs/namespace.c
index 4219885..4d2c8f64 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c

@@ -1589,7 +1589,7 @@
 #ifndef	CONFIG_MANDATORY_FILE_LOCKING
 	return false;
 #endif
-	return true;
+	return capable(CAP_SYS_ADMIN);
 }
 
 /*
commit	95ace75414f312f9a7b93d873f386987b92a5301	[log] [tgz]
author	Eric W. Biederman <ebiederm@xmission.com>	Wed Nov 11 17:22:33 2015 -0600
committer	Jeff Layton <jeff.layton@primarydata.com>	Mon Nov 16 10:01:34 2015 -0500
tree	90ed4c98c2ac53a928050ec322e7e644401c2fc5
parent	9e8925b67a809bb27ce4b7d352d67f25cf1d7fc5 [diff] [blame]