userns: Remove implicit MNT_NODEV fragility.
Replace the implict setting of MNT_NODEV on mounts that happen with just user namespace permissions with an implicit setting of SB_I_NODEV in s_iflags. The visibility of the implicit MNT_NODEV has caused problems in the past. With this change the fragile case where an implicit MNT_NODEV needs to be preserved in do_remount is removed. Using SB_I_NODEV is much less fragile as s_iflags are set during the original mount and never changed. In do_new_mount with the implicit setting of MNT_NODEV gone, the only code that can affect mnt_flags is fs_fully_visible so simplify the if statement and reduce the indentation of the code to make that clear. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman
@@ -206,6 +206,9 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags,
|
||||
init_waitqueue_head(&s->s_writers.wait_unfrozen);
|
||||
s->s_bdi = &noop_backing_dev_info;
|
||||
s->s_flags = flags;
|
||||
if ((s->s_user_ns != &init_user_ns) &&
|
||||
!(type->fs_flags & FS_USERNS_DEV_MOUNT))
|
||||
s->s_iflags |= SB_I_NODEV;
|
||||
INIT_HLIST_NODE(&s->s_instances);
|
||||
INIT_HLIST_BL_HEAD(&s->s_anon);
|
||||
mutex_init(&s->s_sync_lock);
|
||||
|
||||
Reference in New Issue
Block a user