[Acked] [PATCH] UBUNTU: SAUCE: kernfs: Always set super block owner to init_user_ns
Andy Whitcroft
apw at canonical.com
Wed Feb 24 18:08:30 UTC 2016
On Wed, Feb 24, 2016 at 11:33:47AM -0600, Seth Forshee wrote:
> Filesystems implemented using kernfs are generally operating on
> a shared set of in-kernel objects even from different super
> blocks. Mounts from user namespaces should not have privileges
> towards all objects in these filesystems, so set s_user_ns in
> these super blocks to init_user_ns rather than the namespace of
> the mounter. Privileged users in a user namespace will still have
> privileges towards objects in the filesystem owned by users in
> that namespace.
>
> BugLink: http://bugs.launchpad.net/bugs/1549398
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> ---
> fs/kernfs/mount.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
> index 074bb8b..18ed4dc 100644
> --- a/fs/kernfs/mount.c
> +++ b/fs/kernfs/mount.c
> @@ -15,6 +15,7 @@
> #include <linux/slab.h>
> #include <linux/pagemap.h>
> #include <linux/namei.h>
> +#include <linux/user_namespace.h>
>
> #include "kernfs-internal.h"
>
> @@ -227,7 +228,8 @@ struct dentry *kernfs_mount_ns(struct file_system_type *fs_type, int flags,
> info->root = root;
> info->ns = ns;
>
> - sb = sget(fs_type, kernfs_test_super, kernfs_set_super, flags, info);
> + sb = sget_userns(fs_type, kernfs_test_super, kernfs_set_super, flags,
> + &init_user_ns, info);
> if (IS_ERR(sb) || sb->s_fs_info != info)
> kfree(info);
> if (IS_ERR(sb))
> --
> 1.9.1
That looks simple enough.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list