diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2019-05-12 23:09:01 +0200 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2019-05-25 23:59:58 +0200 |
commit | 2527b284defaeadf74829b0b0bd3207ca7f165eb (patch) | |
tree | 5995146d7d565f6e01c8dbd84b49eab9f963d4fc /fs/super.c | |
parent | vfs: Kill mount_ns() (diff) | |
download | linux-2527b284defaeadf74829b0b0bd3207ca7f165eb.tar.xz linux-2527b284defaeadf74829b0b0bd3207ca7f165eb.zip |
move the capability checks from sget_userns() to legacy_get_tree()
1) all call chains leading to sget_userns() pass through ->mount()
instances.
2) none of ->mount() instances is ever called directly - the only
call site is legacy_get_tree()
3) all remaining ->mount() instances end up calling sget_userns()
IOW, we might as well do the capability checks just before calling
->mount(). As for the arguments passed to mount_capable(),
in case of call chains to sget_userns() going through sget(),
we either don't call mount_capable() at all, or pass current_user_ns()
to it. The call chains going through mount_pseudo_xattr() don't
call mount_capable() at all (SB_KERNMOUNT in flags on those).
That could've been split into smaller steps (lifting the checks
into sget(), then callers of sget(), then all the way to the
entries of every ->mount() out there, then to the sole caller),
but that would be too much churn for little benefit...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/super.c')
-rw-r--r-- | fs/super.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/fs/super.c b/fs/super.c index 6919f5c728f0..bdb03255c7ea 100644 --- a/fs/super.c +++ b/fs/super.c @@ -583,10 +583,6 @@ struct super_block *sget_userns(struct file_system_type *type, struct super_block *old; int err; - if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT))) { - if (!mount_capable(type, user_ns)) - return ERR_PTR(-EPERM); - } retry: spin_lock(&sb_lock); if (test) { |