Merge remote-tracking branch 'gkurz/tags/security-fix-for-2.10' into staging

Merge remote-tracking branch 'gkurz/tags/security-fix-for-2.10' into staging

Fix for CVE-2017-7493.

# gpg: Signature made Mon 15 May 2017 07:48:20 PM BST
# gpg:                using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <[email protected]>"
# gpg:                 aka "Greg Kurz <[email protected]>"
# gpg:                 aka "Greg Kurz <[email protected]>"
# gpg:                 aka "Greg Kurz <[email protected]>"
# gpg:                 aka "Gregory Kurz (Groug) <[email protected]>"
# gpg:                 aka "Gregory Kurz (Cimai Technology) <[email protected]>"
# gpg:                 aka "Gregory Kurz (Meiosys Technology) <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894  DBA2 02FC 3AEB 0101 DBC2

* gkurz/tags/security-fix-for-2.10:
  9pfs: local: forbid client access to metadata (CVE-2017-7493)

Signed-off-by: Stefan Hajnoczi <[email protected]>