raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-06 01:49:46 +00:00
Code Issues Projects Releases Wiki Activity

mnt: Modify fs_fully_visible to deal with locked ro nodev and atime

Browse Source 
commit 8c6cf9cc82 upstream.

Ignore an existing mount if the locked readonly, nodev or atime
attributes are less permissive than the desired attributes
of the new mount.

On success ensure the new mount locks all of the same readonly, nodev and
atime attributes as the old mount.

The nosuid and noexec attributes are not checked here as this change
is destined for stable and enforcing those attributes causes a
regression in lxc and libvirt-lxc where those applications will not
start and there are no known executables on sysfs or proc and no known
way to create exectuables without code modifications

Fixes: e51db73532 ("userns: Better restrictions on when proc and sysfs can be mounted")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Eric W. Biederman
2015-05-08 23:49:47 -05:00
committed by Greg Kroah-Hartman
parent b5eb51f2ee
commit 51c2c47ef6
1 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
fs/namespace.c
View File

@@ -2332,7 +2332,7 @@ unlock:
return err; return err;
} }
static bool fs_fully_visible(struct file_system_type *fs_type); static bool fs_fully_visible(struct file_system_type *fs_type, int *new_mnt_flags);
/* /*
* create a new mount for userspace and request it to be added into the * create a new mount for userspace and request it to be added into the
@@ -2366,7 +2366,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV; mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
} }
if (type->fs_flags & FS_USERNS_VISIBLE) { if (type->fs_flags & FS_USERNS_VISIBLE) {
if (!fs_fully_visible(type)) if (!fs_fully_visible(type, &mnt_flags))
return -EPERM; return -EPERM;
} }
} }
@@ -3170,9 +3170,10 @@ bool current_chrooted(void)
return chrooted; return chrooted;
} }
static bool fs_fully_visible(struct file_system_type *type) static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags)
{ {
struct mnt_namespace *ns = current->nsproxy->mnt_ns; struct mnt_namespace *ns = current->nsproxy->mnt_ns;
int new_flags = *new_mnt_flags;
struct mount *mnt; struct mount *mnt;
bool visible = false; bool visible = false;
@@ -3191,6 +3192,19 @@ static bool fs_fully_visible(struct file_system_type *type)
if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root) if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root)
continue; continue;
/* Verify the mount flags are equal to or more permissive
* than the proposed new mount.
*/
if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) &&
!(new_flags & MNT_READONLY))
continue;
if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
!(new_flags & MNT_NODEV))
continue;
if ((mnt->mnt.mnt_flags & MNT_LOCK_ATIME) &&
((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (new_flags & MNT_ATIME_MASK)))
continue;
/* This mount is not fully visible if there are any /* This mount is not fully visible if there are any
* locked child mounts that cover anything except for * locked child mounts that cover anything except for
* empty directories. * empty directories.
@@ -3204,6 +3218,10 @@ static bool fs_fully_visible(struct file_system_type *type)
if (!is_empty_dir_inode(inode)) if (!is_empty_dir_inode(inode))
goto next; goto next;
} }
/* Preserve the locked attributes */
*new_mnt_flags |= mnt->mnt.mnt_flags & (MNT_LOCK_READONLY | \
MNT_LOCK_NODEV | \
MNT_LOCK_ATIME);
visible = true; visible = true;
goto found; goto found;
next: ; next: ;