afs: Only allow mounting afs in the intial network namespace

rxrpc sockets only work in the initial network namespace so it isn't
possible to support afs in any other network namespace.

Cc: David Howells <dhowells@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

diff --git a/fs/afs/super.c b/fs/afs/super.c
index 43165009428da56c51b47ae9d8bb4b97310c485f..7c31ec39957587a59062b3f81dd338aa57e575aa 100644 (file)
--- a/fs/afs/super.c
+++ b/fs/afs/super.c
@@ -24,6 +24,8 @@
 #include <linux/parser.h>
 #include <linux/statfs.h>
 #include <linux/sched.h>
+#include <linux/nsproxy.h>
+#include <net/net_namespace.h>
 #include "internal.h"
 
 #define AFS_FS_MAGIC 0x6B414653 /* 'kAFS' */
@@ -363,6 +365,10 @@ static struct dentry *afs_mount(struct file_system_type *fs_type,
 
        memset(&params, 0, sizeof(params));
 
+       ret = -EINVAL;
+       if (current->nsproxy->net_ns != &init_net)
+               goto error;
+
        /* parse the options and device name */
        if (options) {
                ret = afs_parse_options(&params, options, &dev_name);