[PATCH] UBUNTU: SAUCE: kernfs: Always set super block owner to init_user_ns
Seth Forshee
seth.forshee at canonical.com
Wed Feb 24 17:33:47 UTC 2016
Filesystems implemented using kernfs are generally operating on
a shared set of in-kernel objects even from different super
blocks. Mounts from user namespaces should not have privileges
towards all objects in these filesystems, so set s_user_ns in
these super blocks to init_user_ns rather than the namespace of
the mounter. Privileged users in a user namespace will still have
privileges towards objects in the filesystem owned by users in
that namespace.
BugLink: http://bugs.launchpad.net/bugs/1549398
Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
---
fs/kernfs/mount.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
index 074bb8b..18ed4dc 100644
--- a/fs/kernfs/mount.c
+++ b/fs/kernfs/mount.c
@@ -15,6 +15,7 @@
#include <linux/slab.h>
#include <linux/pagemap.h>
#include <linux/namei.h>
+#include <linux/user_namespace.h>
#include "kernfs-internal.h"
@@ -227,7 +228,8 @@ struct dentry *kernfs_mount_ns(struct file_system_type *fs_type, int flags,
info->root = root;
info->ns = ns;
- sb = sget(fs_type, kernfs_test_super, kernfs_set_super, flags, info);
+ sb = sget_userns(fs_type, kernfs_test_super, kernfs_set_super, flags,
+ &init_user_ns, info);
if (IS_ERR(sb) || sb->s_fs_info != info)
kfree(info);
if (IS_ERR(sb))
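Review bot: The new sget_userns() call in kernfs_mount_ns() passes &init_user_ns unconditionally and has no comment at the call site, so the reasoning exists only in the commit message. A short comment above the call would help: kernfs super blocks share in-kernel objects across mounts, so s_user_ns must not be the mounter's namespace. That would keep a later cleanup from switching it back to the mounter's namespace. The commit message also says privileged users in a user namespace keep their privileges towards objects owned by users in that namespace. Nothing in this hunk shows where that is enforced, so naming the check that provides it in the message would make the claim verifiable.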
--
1.9.1