Startsida Utforska Hjälp
Registrera dig Logga in
phyus
/
linux-vybrid_public
8
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

vfs: Don't allow a user namespace root to make device nodes

Safely making device nodes in a container is solvable but simply
having the capability in a user namespace is not sufficient to make
this work.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Eric W. Biederman 13 år sedan
förälder
dd775ae254
incheckning
975d6b3932
1 ändrade filer med 1 tillägg och 2 borttagningar
Unifierad Vy Visa Diff Statistik
  1. 1 2
      fs/namei.c

+ 1 - 2
fs/namei.c
Visa fil 

@@ -2560,8 +2560,7 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
 
 	if (error)
 
 	if (error)
 
 		return error;
 
 		return error;
 
 
 
-	if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
 
-	    !ns_capable(inode_userns(dir), CAP_MKNOD))
 
+	if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
 
 		return -EPERM;
 
 		return -EPERM;
 
 
 
 	if (!dir->i_op->mknod)
 
 	if (!dir->i_op->mknod)