author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-05-19 06:12:31 -1000 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-05-19 06:12:31 -1000 |
commit | c3d0e3fd41b7f0f5d5d5b6022ab7e813f04ea727 (patch) | |
tree | 49d7ae853af8dae021d8b906aaf5b762ef6aa42e /fs | |
parent | 293837b9ac8d3021657f44c9d7a14948ec01c5d0 (diff) | |
parent | 2ca4dcc4909d787ee153272f7efc2bff3b498720 (diff) | |

Merge tag 'fs.idmapped.mount_setattr.v5.13-rc3' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux

Pull mount_setattr fix from Christian Brauner:

"This makes an underlying idmapping assumption more explicit.

We currently don't have any filesystems that support idmapped mounts
which are mountable inside a user namespace, i.e. where s_user_ns !=
init_user_ns. That was a deliberate decision for now as userns root
can just mount the filesystem themselves.

Express this restriction explicitly and enforce it until there's a
real use-case for this. This way we can notice it and will have a
chance to adapt and audit our translation helpers and fstests
appropriately if we need to support such filesystems"

* tag 'fs.idmapped.mount_setattr.v5.13-rc3' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux:
  fs/mount_setattr: tighten permission checks

Diffstat (limited to 'fs')
-rw-r--r-- | fs/namespace.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index f63337828e1c..c3f1a78ba369 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -3855,8 +3855,12 @@ static int can_idmap_mount(const struct mount_kattr *kattr, struct mount *mnt) if (!(m->mnt_sb->s_type->fs_flags & FS_ALLOW_IDMAP)) return -EINVAL; + /* Don't yet support filesystem mountable in user namespaces. */ + if (m->mnt_sb->s_user_ns != &init_user_ns) + return -EINVAL; + /* We're not controlling the superblock. */ - if (!ns_capable(m->mnt_sb->s_user_ns, CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN)) return -EPERM; /* Mount has already been visible in the filesystem hierarchy. */ |
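
Review bot: the switch from `ns_capable(m->mnt_sb->s_user_ns, CAP_SYS_ADMIN)` to `capable(CAP_SYS_ADMIN)` in can_idmap_mount() is only equivalent because the `s_user_ns != &init_user_ns` test added directly above it rejects every other superblock first, and nothing in the code records that dependency. The retained comment "We're not controlling the superblock." does not explain why the check is now made against the initial user namespace; consider extending it to say that the `capable()` call relies on the preceding `s_user_ns` test, so that anyone who later relaxes that test knows the capability check has to be revisited in the same change. Two smaller points: the new comment should read "filesystems mountable", and because the new rejection returns the same `-EINVAL` as the `FS_ALLOW_IDMAP` test just before it, a caller cannot tell the two failures apart from the error code alone.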