summaryrefslogtreecommitdiff
path: root/fs/namespace.c
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2024-06-24 11:49:44 -0400
committerChristian Brauner <brauner@kernel.org>2024-06-28 09:53:29 +0200
commitdd7cb142f467c4660698bcaa4a48c688b443ab81 (patch)
tree28ff2e3c9ace4a21784d19bfc4e42841075a2a5b /fs/namespace.c
parentd04bccd8c19d601232ed3e3c9e248c0040167d47 (diff)
downloadlwn-dd7cb142f467c4660698bcaa4a48c688b443ab81.tar.gz
lwn-dd7cb142f467c4660698bcaa4a48c688b443ab81.zip
fs: relax permissions for listmount()
It is sufficient to have capabilities in the owning user namespace of the mount namespace to list all mounts regardless of whether they are reachable or not. Link: https://lore.kernel.org/r/8adc0d3f4f7495faacc6a7c63095961f7f1637c7.1719243756.git.josef@toxicpanda.com Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'fs/namespace.c')
-rw-r--r--fs/namespace.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 02a697287da5..22274f74beb0 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -5104,7 +5104,7 @@ static ssize_t do_listmount(u64 mnt_parent_id, u64 last_mnt_id, u64 *mnt_ids,
* mounts to show users.
*/
if (!is_path_reachable(real_mount(orig.mnt), orig.dentry, &root) &&
- !ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN))
+ !ns_capable_noaudit(ns->user_ns, CAP_SYS_ADMIN))
return -EPERM;
ret = security_sb_statfs(orig.dentry);