[NET]: Make socket creation namespace safe.

[linux-2.6-block.git] / net / key / af_key.c

diff --git a/net/key/af_key.c b/net/key/af_key.c
index 5b802bbb856e4f08b983284cad7f7e6dded1728c..ff5c3d03005e4603b0748d003aff2b097ca675c3 100644 (file)
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -136,11 +136,14 @@ static struct proto key_proto = {
        .obj_size = sizeof(struct pfkey_sock),
 };
 
-static int pfkey_create(struct socket *sock, int protocol)
+static int pfkey_create(struct net *net, struct socket *sock, int protocol)
 {
        struct sock *sk;
        int err;
 
+       if (net != &init_net)
+               return -EAFNOSUPPORT;
+
        if (!capable(CAP_NET_ADMIN))
                return -EPERM;
        if (sock->type != SOCK_RAW)
@@ -149,7 +152,7 @@ static int pfkey_create(struct socket *sock, int protocol)
                return -EPROTONOSUPPORT;
 
        err = -ENOMEM;
-       sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1);
+       sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, 1);
        if (sk == NULL)
                goto out;