[NET]: Make socket creation namespace safe.

[deliverable/linux.git] / net / unix / af_unix.c

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 2386090c3a16ef4469a9dd0d843e92bb73d882e6..10e73122c34c0bd23cb7a5bff61bb62c131cb4e4 100644 (file)
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -594,7 +594,7 @@ static struct proto unix_proto = {
  */
 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
 
-static struct sock * unix_create1(struct socket *sock)
+static struct sock * unix_create1(struct net *net, struct socket *sock)
 {
        struct sock *sk = NULL;
        struct unix_sock *u;
@@ -602,7 +602,7 @@ static struct sock * unix_create1(struct socket *sock)
        if (atomic_read(&unix_nr_socks) >= 2*get_max_files())
                goto out;
 
-       sk = sk_alloc(PF_UNIX, GFP_KERNEL, &unix_proto, 1);
+       sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, 1);
        if (!sk)
                goto out;
 
@@ -628,8 +628,11 @@ out:
        return sk;
 }
 
-static int unix_create(struct socket *sock, int protocol)
+static int unix_create(struct net *net, struct socket *sock, int protocol)
 {
+       if (net != &init_net)
+               return -EAFNOSUPPORT;
+
        if (protocol && protocol != PF_UNIX)
                return -EPROTONOSUPPORT;
 
@@ -655,7 +658,7 @@ static int unix_create(struct socket *sock, int protocol)
                return -ESOCKTNOSUPPORT;
        }
 
-       return unix_create1(sock) ? 0 : -ENOMEM;
+       return unix_create1(net, sock) ? 0 : -ENOMEM;
 }
 
 static int unix_release(struct socket *sock)
@@ -1039,7 +1042,7 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
        err = -ENOMEM;
 
        /* create new sock for complete connection */
-       newsk = unix_create1(NULL);
+       newsk = unix_create1(sk->sk_net, NULL);
        if (newsk == NULL)
                goto out;