Commit f74f70f8 authored by Eric W. Biederman's avatar Eric W. Biederman

afs: Only allow mounting afs in the intial network namespace

rxrpc sockets only work in the initial network namespace so it isn't
possible to support afs in any other network namespace.

Cc: David Howells <dhowells@redhat.com>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 66fdb93f
...@@ -24,6 +24,8 @@ ...@@ -24,6 +24,8 @@
#include <linux/parser.h> #include <linux/parser.h>
#include <linux/statfs.h> #include <linux/statfs.h>
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/nsproxy.h>
#include <net/net_namespace.h>
#include "internal.h" #include "internal.h"
#define AFS_FS_MAGIC 0x6B414653 /* 'kAFS' */ #define AFS_FS_MAGIC 0x6B414653 /* 'kAFS' */
...@@ -363,6 +365,10 @@ static struct dentry *afs_mount(struct file_system_type *fs_type, ...@@ -363,6 +365,10 @@ static struct dentry *afs_mount(struct file_system_type *fs_type,
memset(&params, 0, sizeof(params)); memset(&params, 0, sizeof(params));
ret = -EINVAL;
if (current->nsproxy->net_ns != &init_net)
goto error;
/* parse the options and device name */ /* parse the options and device name */
if (options) { if (options) {
ret = afs_parse_options(&params, options, &dev_name); ret = afs_parse_options(&params, options, &dev_name);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment