Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

vfs: Carefully propogate mounts across user namespaces

As a matter of policy MNT_READONLY should not be changable if the
original mounter had more privileges than creator of the mount
namespace.

Add the flag CL_UNPRIVILEGED to note when we are copying a mount from
a mount namespace that requires more privileges to a mount namespace
that requires fewer privileges.

When the CL_UNPRIVILEGED flag is set cause clone_mnt to set MNT_NO_REMOUNT
if any of the mnt flags that should never be changed are set.

This protects both mount propagation and the initial creation of a less
privileged mount namespace.

Cc: stable@vger.kernel.org
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Eric W. Biederman 12 years ago
parent
90563b198e
commit
132c94e31b
3 changed files with 12 additions and 1 deletions
Split View Show Diff Stats
  1. 5 1
      fs/namespace.c
  2. 6 0
      fs/pnode.c
  3. 1 0
      fs/pnode.h

+ 5 - 1
fs/namespace.c
View File 

@@ -798,6 +798,10 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root,
 
 	}
 
 
 	mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD;
 
+	/* Don't allow unprivileged users to change mount flags */
 
+	if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY))
 
+		mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
 
+
 
 	atomic_inc(&sb->s_active);
 
 	mnt->mnt.mnt_sb = sb;
 
 	mnt->mnt.mnt_root = dget(root);
 
@@ -2342,7 +2346,7 @@ static struct mnt_namespace *dup_mnt_ns(struct mnt_namespace *mnt_ns,
 
 	/* First pass: copy the tree topology */
 
 	copy_flags = CL_COPY_ALL | CL_EXPIRE;
 
 	if (user_ns != mnt_ns->user_ns)
 
-		copy_flags |= CL_SHARED_TO_SLAVE;
 
+		copy_flags |= CL_SHARED_TO_SLAVE | CL_UNPRIVILEGED;
 
 	new = copy_tree(old, old->mnt.mnt_root, copy_flags);
 
 	if (IS_ERR(new)) {
 
 		up_write(&namespace_sem);

+ 6 - 0
fs/pnode.c
View File 

@@ -9,6 +9,7 @@
 
 #include <linux/mnt_namespace.h>
 
 #include <linux/mount.h>
 
 #include <linux/fs.h>
 
+#include <linux/nsproxy.h>
 
 #include "internal.h"
 
 #include "pnode.h"
 
 
@@ -220,6 +221,7 @@ static struct mount *get_source(struct mount *dest,
 
 int propagate_mnt(struct mount *dest_mnt, struct dentry *dest_dentry,
 
 		    struct mount *source_mnt, struct list_head *tree_list)
 
 {
 
+	struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns;
 
 	struct mount *m, *child;
 
 	int ret = 0;
 
 	struct mount *prev_dest_mnt = dest_mnt;
 
@@ -237,6 +239,10 @@ int propagate_mnt(struct mount *dest_mnt, struct dentry *dest_dentry,
 
 
 		source =  get_source(m, prev_dest_mnt, prev_src_mnt, &type);
 
 
+		/* Notice when we are propagating across user namespaces */
 
+		if (m->mnt_ns->user_ns != user_ns)
 
+			type |= CL_UNPRIVILEGED;
 
+
 
 		child = copy_tree(source, source->mnt.mnt_root, type);
 
 		if (IS_ERR(child)) {
 
 			ret = PTR_ERR(child);

+ 1 - 0
fs/pnode.h
View File 

@@ -23,6 +23,7 @@
 
 #define CL_MAKE_SHARED 		0x08
 
 #define CL_PRIVATE 		0x10
 
 #define CL_SHARED_TO_SLAVE	0x20
 
+#define CL_UNPRIVILEGED		0x40
 
 
 static inline void set_mnt_shared(struct mount *mnt)
 
 {