userns: Require CAP_SYS_ADMIN for most uses of setns.

[linux-3.10.git] / kernel / utsname.c

diff --git a/kernel/utsname.c b/kernel/utsname.c
index f6336d5..08b197e 100644 (file)
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -113,7 +113,8 @@ static int utsns_install(struct nsproxy *nsproxy, void *new)
 {
        struct uts_namespace *ns = new;
 
-       if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+       if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
+           !nsown_capable(CAP_SYS_ADMIN))
                return -EPERM;
 
        get_uts_ns(ns);