forked from luck/tmp_suning_uos_patched
locks: Don't allow mounts in user namespaces to enable mandatory locking
Since no one uses mandatory locking and files with mandatory locks can cause problems don't allow them in user namespaces. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
This commit is contained in:
parent
9e8925b67a
commit
95ace75414
|
@ -1589,7 +1589,7 @@ static inline bool may_mandlock(void)
|
|||
#ifndef CONFIG_MANDATORY_FILE_LOCKING
|
||||
return false;
|
||||
#endif
|
||||
return true;
|
||||
return capable(CAP_SYS_ADMIN);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue
Block a user