X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=fs%2Fproc%2Fproc_sysctl.c;h=231d295a9df7876f9da587944631448799b6b848;hb=11262d0f0a11c1f781bf4958c1e5215f98c0743a;hp=d4e37acd48217dcb1090a1ee68bb4ec4cb7226e5;hpb=396bf4cd835e62d70fad4a03a8963e61f19021f2;p=mirror_ubuntu-zesty-kernel.git

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index d4e37acd4821..231d295a9df7 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -755,11 +755,18 @@ static int proc_sys_permission(struct inode *inode, int mask)
 static int proc_sys_setattr(struct dentry *dentry, struct iattr *attr)
 {
 	struct inode *inode = d_inode(dentry);
+	struct user_namespace *s_user_ns;
 	int error;
 
 	if (attr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))
 		return -EPERM;
 
+	/* Don't let anyone mess with weird proc files */
+	s_user_ns = inode->i_sb->s_user_ns;
+	if (!kuid_has_mapping(s_user_ns, inode->i_uid) ||
+	    !kgid_has_mapping(s_user_ns, inode->i_gid))
+		return -EPERM;
+
 	error = setattr_prepare(dentry, attr);
 	if (error)
 		return error;