diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-11-10 13:27:58 -0600 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-11-10 13:27:58 -0600 |
commit | 1de4f2ef216dade3b5bd5f5247c4c750a953f51c (patch) | |
tree | 7be22ffabcb98c2aeeb0df644a32a06328154c2f /kernel | |
parent | a1aa42f1d8c00a0767afee28d17caafd2a4dd8ff (diff) | |
parent | 9c8e0a1b683525464a2abe9fb4b54404a50ed2b4 (diff) | |
download | lwn-1de4f2ef216dade3b5bd5f5247c4c750a953f51c.tar.gz lwn-1de4f2ef216dade3b5bd5f5247c4c750a953f51c.zip |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace fixes from Eric Biederman:
"I believe all of these are simple obviously correct bug fixes. These
fall into two groups:
- Fixing the implementation of MNT_LOCKED which prevents lesser
privileged users from seeing unders mounts created by more
privileged users.
- Fixing the extended uid and group mapping in user namespaces.
As well as ensuring the code looks correct I have spot tested these
changes as well and in my testing the fixes are working"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
mount: Prevent MNT_DETACH from disconnecting locked mounts
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Retest MNT_LOCKED in do_umount
userns: also map extents in the reverse map to kernel IDs
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/user_namespace.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index e5222b5fb4fe..923414a246e9 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -974,10 +974,6 @@ static ssize_t map_write(struct file *file, const char __user *buf, if (!new_idmap_permitted(file, ns, cap_setid, &new_map)) goto out; - ret = sort_idmaps(&new_map); - if (ret < 0) - goto out; - ret = -EPERM; /* Map the lower ids from the parent user namespace to the * kernel global id space. @@ -1004,6 +1000,14 @@ static ssize_t map_write(struct file *file, const char __user *buf, e->lower_first = lower_first; } + /* + * If we want to use binary search for lookup, this clones the extent + * array and sorts both copies. + */ + ret = sort_idmaps(&new_map); + if (ret < 0) + goto out; + /* Install the map */ if (new_map.nr_extents <= UID_GID_MAP_MAX_BASE_EXTENTS) { memcpy(map->extent, new_map.extent, |