summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/core/net_namespace.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 6456439cbbd9..ec2870b44c1f 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -630,8 +630,13 @@ static void netns_put(void *ns)
static int netns_install(struct nsproxy *nsproxy, void *ns)
{
+ struct net *net = ns;
+
+ if (!ns_capable(net->user_ns, CAP_SYS_ADMIN))
+ return -EPERM;
+
put_net(nsproxy->net_ns);
- nsproxy->net_ns = get_net(ns);
+ nsproxy->net_ns = get_net(net);
return 0;
}