diff options
author | Christian Brauner <brauner@kernel.org> | 2024-06-24 11:49:44 -0400 |
---|---|---|
committer | Christian Brauner <brauner@kernel.org> | 2024-06-28 09:53:29 +0200 |
commit | dd7cb142f467c4660698bcaa4a48c688b443ab81 (patch) | |
tree | 28ff2e3c9ace4a21784d19bfc4e42841075a2a5b /fs/namespace.c | |
parent | d04bccd8c19d601232ed3e3c9e248c0040167d47 (diff) | |
download | lwn-dd7cb142f467c4660698bcaa4a48c688b443ab81.tar.gz lwn-dd7cb142f467c4660698bcaa4a48c688b443ab81.zip |
fs: relax permissions for listmount()
It is sufficient to have capabilities in the owning user namespace of
the mount namespace to list all mounts regardless of whether they are
reachable or not.
Link: https://lore.kernel.org/r/8adc0d3f4f7495faacc6a7c63095961f7f1637c7.1719243756.git.josef@toxicpanda.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'fs/namespace.c')
-rw-r--r-- | fs/namespace.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 02a697287da5..22274f74beb0 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -5104,7 +5104,7 @@ static ssize_t do_listmount(u64 mnt_parent_id, u64 last_mnt_id, u64 *mnt_ids, * mounts to show users. */ if (!is_path_reachable(real_mount(orig.mnt), orig.dentry, &root) && - !ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN)) + !ns_capable_noaudit(ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; ret = security_sb_statfs(orig.dentry); |