summaryrefslogtreecommitdiffstats
path: root/fs/proc
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2016-06-09 22:34:02 +0200
committerEric W. Biederman <ebiederm@xmission.com>2016-06-23 22:41:57 +0200
commita2982cc922c3068783eb9a1f77a5626a1ec36a1f (patch)
tree61ccc6ad01f8804d5290ae4565ba8d4238bf648a /fs/proc
parentipc/mqueue: The mqueue filesystem should never contain executables (diff)
downloadlinux-a2982cc922c3068783eb9a1f77a5626a1ec36a1f.tar.xz
linux-a2982cc922c3068783eb9a1f77a5626a1ec36a1f.zip
vfs: Generalize filesystem nodev handling.
Introduce a function may_open_dev that tests MNT_NODEV and a new superblock flab SB_I_NODEV. Use this new function in all of the places where MNT_NODEV was previously tested. Add the new SB_I_NODEV s_iflag to proc, sysfs, and mqueuefs as those filesystems should never support device nodes, and a simple superblock flags makes that very hard to get wrong. With SB_I_NODEV set if any device nodes somehow manage to show up on on a filesystem those device nodes will be unopenable. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/inode.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index f4817efb25a6..a5b2c33745b7 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -466,8 +466,8 @@ int proc_fill_super(struct super_block *s, void *data, int silent)
if (!proc_parse_options(data, ns))
return -EINVAL;
- /* User space would break if executables appear on proc */
- s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC;
+ /* User space would break if executables or devices appear on proc */
+ s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV;
s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC;
s->s_blocksize = 1024;
s->s_blocksize_bits = 10;