summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2015-05-14 03:51:09 +0200
committerEric W. Biederman <ebiederm@xmission.com>2015-07-01 17:36:49 +0200
commit7236c85e1be51a9e25ba0f6e087a66ca89605a49 (patch)
treedea4b45dab48f7485e977364adbbc95868f5f096
parentsysfs: Create mountpoints with sysfs_create_mount_point (diff)
downloadlinux-7236c85e1be51a9e25ba0f6e087a66ca89605a49.tar.xz
linux-7236c85e1be51a9e25ba0f6e087a66ca89605a49.zip
mnt: Update fs_fully_visible to test for permanently empty directories
fs_fully_visible attempts to make fresh mounts of proc and sysfs give the mounter no more access to proc and sysfs than if they could have by creating a bind mount. One aspect of proc and sysfs that makes this particularly tricky is that there are other filesystems that typically mount on top of proc and sysfs. As those filesystems are mounted on empty directories in practice it is safe to ignore them. However testing to ensure filesystems are mounted on empty directories has not been something the in kernel data structures have supported so the current test for an empty directory which checks to see if nlink <= 2 is a bit lacking. proc and sysfs have recently been modified to use the new empty_dir infrastructure to create all of their dedicated mount points. Instead of testing for S_ISDIR(inode->i_mode) && i_nlink <= 2 to see if a directory is empty, test for is_empty_dir_inode(inode). That small change guaranteess mounts found on proc and sysfs really are safe to ignore, because the directories are not only empty but nothing can ever be added to them. This guarantees there is nothing to worry about when mounting proc and sysfs. Cc: stable@vger.kernel.org Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-rw-r--r--fs/namespace.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 8c7b8e0941b9..02c6875dd945 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3214,9 +3214,8 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags)
/* Only worry about locked mounts */
if (!(mnt->mnt.mnt_flags & MNT_LOCKED))
continue;
- if (!S_ISDIR(inode->i_mode))
- goto next;
- if (inode->i_nlink > 2)
+ /* Is the directory permanetly empty? */
+ if (!is_empty_dir_inode(inode))
goto next;
}
/* Preserve the locked attributes */