From: Eric Biggers <ebiggers@xxxxxxxxxx>
Fixes: 99f8421020ac ("vfs: Implement fspick() to select a superblock for reconfiguration")
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
fs/fsopen.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/fsopen.c b/fs/fsopen.c
index 3e439299ddf79..b3a22848f8eec 100644
--- a/fs/fsopen.c
+++ b/fs/fsopen.c
@@ -282,6 +282,9 @@ SYSCALL_DEFINE3(fspick, int, dfd, const char __user *, path, unsigned int, flags
unsigned int lookup_flags;
int ret;
+ if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN))
+ return -EPERM;
+
if ((flags & ~(FSPICK_CLOEXEC |
FSPICK_SYMLINK_NOFOLLOW |
FSPICK_NO_AUTOMOUNT |
--
2.18.0
