[Acked] [PATCH] UBUNTU: SAUCE: kernfs: Always set super block owner to init_user_ns

Andy Whitcroft apw at canonical.com
Wed Feb 24 18:08:30 UTC 2016


On Wed, Feb 24, 2016 at 11:33:47AM -0600, Seth Forshee wrote:
> Filesystems implemented using kernfs are generally operating on
> a shared set of in-kernel objects even from different super
> blocks. Mounts from user namespaces should not have privileges
> towards all objects in these filesystems, so set s_user_ns in
> these super blocks to init_user_ns rather than the namespace of
> the mounter. Privileged users in a user namespace will still have
> privileges towards objects in the filesystem owned by users in
> that namespace.
> 
> BugLink: http://bugs.launchpad.net/bugs/1549398
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> ---
>  fs/kernfs/mount.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
> index 074bb8b..18ed4dc 100644
> --- a/fs/kernfs/mount.c
> +++ b/fs/kernfs/mount.c
> @@ -15,6 +15,7 @@
>  #include <linux/slab.h>
>  #include <linux/pagemap.h>
>  #include <linux/namei.h>
> +#include <linux/user_namespace.h>
>  
>  #include "kernfs-internal.h"
>  
> @@ -227,7 +228,8 @@ struct dentry *kernfs_mount_ns(struct file_system_type *fs_type, int flags,
>  	info->root = root;
>  	info->ns = ns;
>  
> -	sb = sget(fs_type, kernfs_test_super, kernfs_set_super, flags, info);
> +	sb = sget_userns(fs_type, kernfs_test_super, kernfs_set_super, flags,
> +			 &init_user_ns, info);
>  	if (IS_ERR(sb) || sb->s_fs_info != info)
>  		kfree(info);
>  	if (IS_ERR(sb))
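Review bot: The sget_userns() call in kernfs_mount_ns() hard-codes &init_user_ns with no comment, so the reason the mounter's namespace is deliberately ignored is recorded only in the commit message. A short comment above the call would help, stating that kernfs super blocks from different mounts operate on a shared set of in-kernel objects and that s_user_ns must therefore stay init_user_ns. That would keep a later cleanup from switching the argument to current_user_ns() and granting namespace-privileged mounters rights over every object in the filesystem.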
> -- 
> 1.9.1

That looks simple enough.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw



