diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2016-06-09 22:34:02 +0200 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2016-06-23 22:41:57 +0200 |
commit | a2982cc922c3068783eb9a1f77a5626a1ec36a1f (patch) | |
tree | 61ccc6ad01f8804d5290ae4565ba8d4238bf648a /fs/proc | |
parent | ipc/mqueue: The mqueue filesystem should never contain executables (diff) | |
download | linux-a2982cc922c3068783eb9a1f77a5626a1ec36a1f.tar.xz linux-a2982cc922c3068783eb9a1f77a5626a1ec36a1f.zip |
vfs: Generalize filesystem nodev handling.
Introduce a function may_open_dev that tests MNT_NODEV and a new
superblock flab SB_I_NODEV. Use this new function in all of the
places where MNT_NODEV was previously tested.
Add the new SB_I_NODEV s_iflag to proc, sysfs, and mqueuefs as those
filesystems should never support device nodes, and a simple superblock
flags makes that very hard to get wrong. With SB_I_NODEV set if any
device nodes somehow manage to show up on on a filesystem those
device nodes will be unopenable.
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'fs/proc')
-rw-r--r-- | fs/proc/inode.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/proc/inode.c b/fs/proc/inode.c index f4817efb25a6..a5b2c33745b7 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c @@ -466,8 +466,8 @@ int proc_fill_super(struct super_block *s, void *data, int silent) if (!proc_parse_options(data, ns)) return -EINVAL; - /* User space would break if executables appear on proc */ - s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC; + /* User space would break if executables or devices appear on proc */ + s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV; s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC; s->s_blocksize = 1024; s->s_blocksize_bits = 10; |