Merge branch 'linus' into timers/core

Reason: Get upstream fixes before adding conflicting code. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
author: Thomas Gleixner <tglx@linutronix.de> 2013-04-24 20:33:46 +0200
committer: Thomas Gleixner <tglx@linutronix.de> 2013-04-24 20:33:54 +0200
commit: 6402c7dc2a19c19bd8cdc7d80878b850da418942 (patch)
tree: cda2ea2df40442e2aa016119f3548cc504127ea8 /ipc/mqueue.c
parent: timekeeping: Update tk->cycle_last in resume (diff)
parent: Linux 3.9-rc8 (diff)
download: linux-6402c7dc2a19c19bd8cdc7d80878b850da418942.tar.gz
linux-6402c7dc2a19c19bd8cdc7d80878b850da418942.zip
1 files changed, 12 insertions, 3 deletions
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index e5c4f609f22c..e4e47f647446 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -330,8 +330,16 @@ static struct dentry *mqueue_mount(struct file_system_type *fs_type,
 			 int flags, const char *dev_name,
 			 void *data)
 {
-	if (!(flags & MS_KERNMOUNT))
-		data = current->nsproxy->ipc_ns;
+	if (!(flags & MS_KERNMOUNT)) {
+		struct ipc_namespace *ns = current->nsproxy->ipc_ns;
+		/* Don't allow mounting unless the caller has CAP_SYS_ADMIN
+		 * over the ipc namespace.
+		 */
+		if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+			return ERR_PTR(-EPERM);
+
+		data = ns;
+	}
 	return mount_ns(fs_type, flags, data, mqueue_fill_super);
 }
 
@@ -840,7 +848,8 @@ out_putfd:
 		fd = error;
 	}
 	mutex_unlock(&root->d_inode->i_mutex);
-	mnt_drop_write(mnt);
+	if (!ro)
+		mnt_drop_write(mnt);
 out_putname:
 	putname(name);
 	return fd;
author	Thomas Gleixner <tglx@linutronix.de>	2013-04-24 20:33:46 +0200
committer	Thomas Gleixner <tglx@linutronix.de>	2013-04-24 20:33:54 +0200
commit	6402c7dc2a19c19bd8cdc7d80878b850da418942 (patch)
tree	cda2ea2df40442e2aa016119f3548cc504127ea8 /ipc/mqueue.c
parent	timekeeping: Update tk->cycle_last in resume (diff)
parent	Linux 3.9-rc8 (diff)
download	linux-6402c7dc2a19c19bd8cdc7d80878b850da418942.tar.gz linux-6402c7dc2a19c19bd8cdc7d80878b850da418942.zip