userns: Remove implicit MNT_NODEV fragility.
Replace the implict setting of MNT_NODEV on mounts that happen with just user namespace permissions with an implicit setting of SB_I_NODEV in s_iflags. The visibility of the implicit MNT_NODEV has caused problems in the past. With this change the fragile case where an implicit MNT_NODEV needs to be preserved in do_remount is removed. Using SB_I_NODEV is much less fragile as s_iflags are set during the original mount and never changed. In do_new_mount with the implicit setting of MNT_NODEV gone, the only code that can affect mnt_flags is fs_fully_visible so simplify the if statement and reduce the indentation of the code to make that clear. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
parent
a1935c1738
commit
67690f937c
@ -2185,13 +2185,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
|
|||||||
}
|
}
|
||||||
if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
|
if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
|
||||||
!(mnt_flags & MNT_NODEV)) {
|
!(mnt_flags & MNT_NODEV)) {
|
||||||
/* Was the nodev implicitly added in mount? */
|
return -EPERM;
|
||||||
if ((mnt->mnt_ns->user_ns != &init_user_ns) &&
|
|
||||||
!(sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) {
|
|
||||||
mnt_flags |= MNT_NODEV;
|
|
||||||
} else {
|
|
||||||
return -EPERM;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
|
if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
|
||||||
!(mnt_flags & MNT_NOSUID)) {
|
!(mnt_flags & MNT_NOSUID)) {
|
||||||
@ -2385,7 +2379,6 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
|
|||||||
int mnt_flags, const char *name, void *data)
|
int mnt_flags, const char *name, void *data)
|
||||||
{
|
{
|
||||||
struct file_system_type *type;
|
struct file_system_type *type;
|
||||||
struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns;
|
|
||||||
struct vfsmount *mnt;
|
struct vfsmount *mnt;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
@ -2396,16 +2389,6 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
|
|||||||
if (!type)
|
if (!type)
|
||||||
return -ENODEV;
|
return -ENODEV;
|
||||||
|
|
||||||
if (user_ns != &init_user_ns) {
|
|
||||||
/* Only in special cases allow devices from mounts
|
|
||||||
* created outside the initial user namespace.
|
|
||||||
*/
|
|
||||||
if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) {
|
|
||||||
flags |= MS_NODEV;
|
|
||||||
mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
mnt = vfs_kern_mount(type, flags, name, data);
|
mnt = vfs_kern_mount(type, flags, name, data);
|
||||||
if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) &&
|
if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) &&
|
||||||
!mnt->mnt_sb->s_subtype)
|
!mnt->mnt_sb->s_subtype)
|
||||||
|
@ -206,6 +206,9 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags,
|
|||||||
init_waitqueue_head(&s->s_writers.wait_unfrozen);
|
init_waitqueue_head(&s->s_writers.wait_unfrozen);
|
||||||
s->s_bdi = &noop_backing_dev_info;
|
s->s_bdi = &noop_backing_dev_info;
|
||||||
s->s_flags = flags;
|
s->s_flags = flags;
|
||||||
|
if ((s->s_user_ns != &init_user_ns) &&
|
||||||
|
!(type->fs_flags & FS_USERNS_DEV_MOUNT))
|
||||||
|
s->s_iflags |= SB_I_NODEV;
|
||||||
INIT_HLIST_NODE(&s->s_instances);
|
INIT_HLIST_NODE(&s->s_instances);
|
||||||
INIT_HLIST_BL_HEAD(&s->s_anon);
|
INIT_HLIST_BL_HEAD(&s->s_anon);
|
||||||
mutex_init(&s->s_sync_lock);
|
mutex_init(&s->s_sync_lock);
|
||||||
|
Loading…
Reference in New Issue
Block a user