afs: Only allow mounting afs in the intial network namespace

rxrpc sockets only work in the initial network namespace so it isn't possible to support afs in any other network namespace. Cc: David Howells <dhowells@redhat.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2013-01-31 04:23:54 -0800
committer: Eric W. Biederman <ebiederm@xmission.com> 2013-02-13 06:00:38 -0800
commit: f74f70f8b10b435f5f20247e70d1d86b53a59685 (patch)
tree: 0ba5bd2d8e1f3cb795c66e134c7bc1d4572016aa
parent: 66fdb93f882d21612a5287cd1303c9b1391ebf5d (diff)
download: user-namespace-f74f70f8b10b435f5f20247e70d1d86b53a59685.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/afs/super.c b/fs/afs/super.c
index 43165009428da..7c31ec3995758 100644
--- a/fs/afs/super.c
+++ b/fs/afs/super.c
@@ -24,6 +24,8 @@
 #include <linux/parser.h>
 #include <linux/statfs.h>
 #include <linux/sched.h>
+#include <linux/nsproxy.h>
+#include <net/net_namespace.h>
 #include "internal.h"
 
 #define AFS_FS_MAGIC 0x6B414653 /* 'kAFS' */
@@ -363,6 +365,10 @@ static struct dentry *afs_mount(struct file_system_type *fs_type,
 
 	memset(&params, 0, sizeof(params));
 
+	ret = -EINVAL;
+	if (current->nsproxy->net_ns != &init_net)
+		goto error;
+
 	/* parse the options and device name */
 	if (options) {
 		ret = afs_parse_options(&params, options, &dev_name);
author	Eric W. Biederman <ebiederm@xmission.com>	2013-01-31 04:23:54 -0800
committer	Eric W. Biederman <ebiederm@xmission.com>	2013-02-13 06:00:38 -0800
commit	f74f70f8b10b435f5f20247e70d1d86b53a59685 (patch)
tree	0ba5bd2d8e1f3cb795c66e134c7bc1d4572016aa
parent	66fdb93f882d21612a5287cd1303c9b1391ebf5d (diff)
download	user-namespace-f74f70f8b10b435f5f20247e70d1d86b53a59685.tar.gz