summaryrefslogtreecommitdiffstats
path: root/fs/super.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2019-05-12 23:09:01 +0200
committerAl Viro <viro@zeniv.linux.org.uk>2019-05-25 23:59:58 +0200
commit2527b284defaeadf74829b0b0bd3207ca7f165eb (patch)
tree5995146d7d565f6e01c8dbd84b49eab9f963d4fc /fs/super.c
parentvfs: Kill mount_ns() (diff)
downloadlinux-2527b284defaeadf74829b0b0bd3207ca7f165eb.tar.xz
linux-2527b284defaeadf74829b0b0bd3207ca7f165eb.zip
move the capability checks from sget_userns() to legacy_get_tree()
1) all call chains leading to sget_userns() pass through ->mount() instances. 2) none of ->mount() instances is ever called directly - the only call site is legacy_get_tree() 3) all remaining ->mount() instances end up calling sget_userns() IOW, we might as well do the capability checks just before calling ->mount(). As for the arguments passed to mount_capable(), in case of call chains to sget_userns() going through sget(), we either don't call mount_capable() at all, or pass current_user_ns() to it. The call chains going through mount_pseudo_xattr() don't call mount_capable() at all (SB_KERNMOUNT in flags on those). That could've been split into smaller steps (lifting the checks into sget(), then callers of sget(), then all the way to the entries of every ->mount() out there, then to the sole caller), but that would be too much churn for little benefit... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/super.c')
-rw-r--r--fs/super.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/fs/super.c b/fs/super.c
index 6919f5c728f0..bdb03255c7ea 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -583,10 +583,6 @@ struct super_block *sget_userns(struct file_system_type *type,
struct super_block *old;
int err;
- if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {
- if (!mount_capable(type, user_ns))
- return ERR_PTR(-EPERM);
- }
retry:
spin_lock(&sb_lock);
if (test) {