start massaging the checks in sget_...(): move to sget_userns()
there are 3 remaining callers of sget_userns() - sget(), mount_ns() and mount_pseudo_xattr(). Extra check in sget() is conditional upon mount being neither KERNMOUNT nor SUBMOUNT, the identical one in mount_ns() - upon being not KERNMOUNT; mount_pseudo_xattr() has no such checks at all. However, mount_ns() is never used with SUBMOUNT and mount_pseudo_xattr() is used only for KERNMOUNT, so both would be fine with the same logics as currently done in sget(), allowing to consolidate the entire thing in sget_userns() itself. That's not where these checks will end up in the long run, though - the whole reason why they'd been done so deep in the bowels of mount(2) was that there had been no way for a filesystem to specify which userns to look at until it has entered ->mount(). Now there is a place where filesystem could override the defaults - ->init_fs_context(). Which allows to pull the checks out into the callers of vfs_get_tree(). That'll take quite a bit of massage, but that mess is possible to tease apart. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
parent
f7a9945184
commit
feb8ae43a7
14
fs/super.c
14
fs/super.c
@ -583,6 +583,10 @@ struct super_block *sget_userns(struct file_system_type *type,
|
||||
struct super_block *old;
|
||||
int err;
|
||||
|
||||
/* Ensure the requestor has permissions over the target filesystem */
|
||||
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) && !ns_capable(user_ns, CAP_SYS_ADMIN))
|
||||
return ERR_PTR(-EPERM);
|
||||
|
||||
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) &&
|
||||
!(type->fs_flags & FS_USERNS_MOUNT) &&
|
||||
!capable(CAP_SYS_ADMIN))
|
||||
@ -653,10 +657,6 @@ struct super_block *sget(struct file_system_type *type,
|
||||
if (flags & SB_SUBMOUNT)
|
||||
user_ns = &init_user_ns;
|
||||
|
||||
/* Ensure the requestor has permissions over the target filesystem */
|
||||
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) && !ns_capable(user_ns, CAP_SYS_ADMIN))
|
||||
return ERR_PTR(-EPERM);
|
||||
|
||||
return sget_userns(type, test, set, flags, user_ns, data);
|
||||
}
|
||||
|
||||
@ -1164,12 +1164,6 @@ struct dentry *mount_ns(struct file_system_type *fs_type,
|
||||
{
|
||||
struct super_block *sb;
|
||||
|
||||
/* Don't allow mounting unless the caller has CAP_SYS_ADMIN
|
||||
* over the namespace.
|
||||
*/
|
||||
if (!(flags & SB_KERNMOUNT) && !ns_capable(user_ns, CAP_SYS_ADMIN))
|
||||
return ERR_PTR(-EPERM);
|
||||
|
||||
sb = sget_userns(fs_type, ns_test_super, ns_set_super, flags,
|
||||
user_ns, ns);
|
||||
if (IS_ERR(sb))
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user