userns: Make create_new_namespaces take a user_ns parameter

[cascardo/linux.git] / ipc / namespace.c

diff --git a/ipc/namespace.c b/ipc/namespace.c
index f362298..72c8682 100644 (file)
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -16,7 +16,7 @@
 
 #include "util.h"
 
-static struct ipc_namespace *create_ipc_ns(struct task_struct *tsk,
+static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
                                           struct ipc_namespace *old_ns)
 {
        struct ipc_namespace *ns;
@@ -46,19 +46,17 @@ static struct ipc_namespace *create_ipc_ns(struct task_struct *tsk,
        ipcns_notify(IPCNS_CREATED);
        register_ipcns_notifier(ns);
 
-       ns->user_ns = get_user_ns(task_cred_xxx(tsk, user_ns));
+       ns->user_ns = get_user_ns(user_ns);
 
        return ns;
 }
 
 struct ipc_namespace *copy_ipcs(unsigned long flags,
-                               struct task_struct *tsk)
+       struct user_namespace *user_ns, struct ipc_namespace *ns)
 {
-       struct ipc_namespace *ns = tsk->nsproxy->ipc_ns;
-
        if (!(flags & CLONE_NEWIPC))
                return get_ipc_ns(ns);
-       return create_ipc_ns(tsk, ns);
+       return create_ipc_ns(user_ns, ns);
 }
 
 /*
@@ -161,8 +159,12 @@ static void ipcns_put(void *ns)
        return put_ipc_ns(ns);
 }
 
-static int ipcns_install(struct nsproxy *nsproxy, void *ns)
+static int ipcns_install(struct nsproxy *nsproxy, void *new)
 {
+       struct ipc_namespace *ns = new;
+       if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+               return -EPERM;
+
        /* Ditch state from the old ipc namespace */
        exit_sem(current);
        put_ipc_ns(nsproxy->ipc_ns);