locks: Don't allow mounts in user namespaces to enable mandatory locking

Since no one uses mandatory locking and files with mandatory locks can
cause problems don't allow them in user namespaces.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
This commit is contained in:
Eric W. Biederman 2015-11-11 17:22:33 -06:00 committed by Jeff Layton
parent 9e8925b67a
commit 95ace75414

View File

@ -1589,7 +1589,7 @@ static inline bool may_mandlock(void)
#ifndef CONFIG_MANDATORY_FILE_LOCKING
return false;
#endif
return true;
return capable(CAP_SYS_ADMIN);
}
/*