diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2014-08-13 01:33:38 -0700 |
|---|---|---|
| committer | Jiri Slaby <jslaby@suse.cz> | 2015-01-07 17:55:08 +0100 |
| commit | a4c2b660f35a1f1201cea27d5fbad41482b191fc (patch) | |
| tree | 51a6e4d531b721aed88bab2704ccd42fd11f87a2 | |
| parent | f7c68a1aa5d3bf2e94c548c8d77de50640a11209 (diff) | |
| download | lwn-a4c2b660f35a1f1201cea27d5fbad41482b191fc.tar.gz lwn-a4c2b660f35a1f1201cea27d5fbad41482b191fc.zip | |
mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount
commit 3e1866410f11356a9fd869beb3e95983dc79c067 upstream.
Now that remount is properly enforcing the rule that you can't remove
nodev at least sandstorm.io is breaking when performing a remount.
It turns out that there is an easy intuitive solution implicitly
add nodev on remount when nodev was implicitly added on mount.
Tested-by: Cedric Bosdonnat <cbosdonnat@suse.com>
Tested-by: Richard Weinberger <richard@nod.at>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
| -rw-r--r-- | fs/namespace.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index d00750d2f91e..6b42c6d1590e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1858,7 +1858,13 @@ static int do_remount(struct path *path, int flags, int mnt_flags, } if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) && !(mnt_flags & MNT_NODEV)) { - return -EPERM; + /* Was the nodev implicitly added in mount? */ + if ((mnt->mnt_ns->user_ns != &init_user_ns) && + !(sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) { + mnt_flags |= MNT_NODEV; + } else { + return -EPERM; + } } if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) && !(mnt_flags & MNT_NOSUID)) { |