summaryrefslogtreecommitdiffstats
path: root/fs/super.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2016-05-18 20:50:06 +0200
committerEric W. Biederman <ebiederm@xmission.com>2016-06-23 22:47:23 +0200
commit67690f937c38bbab1d94cb45f6a32e61612834ae (patch)
treeb15e18fb82f42d4001c7d0b4e2d9d3b2113db95c /fs/super.c
parentmnt: Simplify mount_too_revealing (diff)
downloadlinux-67690f937c38bbab1d94cb45f6a32e61612834ae.tar.xz
linux-67690f937c38bbab1d94cb45f6a32e61612834ae.zip
userns: Remove implicit MNT_NODEV fragility.
Replace the implict setting of MNT_NODEV on mounts that happen with just user namespace permissions with an implicit setting of SB_I_NODEV in s_iflags. The visibility of the implicit MNT_NODEV has caused problems in the past. With this change the fragile case where an implicit MNT_NODEV needs to be preserved in do_remount is removed. Using SB_I_NODEV is much less fragile as s_iflags are set during the original mount and never changed. In do_new_mount with the implicit setting of MNT_NODEV gone, the only code that can affect mnt_flags is fs_fully_visible so simplify the if statement and reduce the indentation of the code to make that clear. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'fs/super.c')
-rw-r--r--fs/super.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/super.c b/fs/super.c
index 78790ada7191..25cdceed2ad3 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -206,6 +206,9 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags,
init_waitqueue_head(&s->s_writers.wait_unfrozen);
s->s_bdi = &noop_backing_dev_info;
s->s_flags = flags;
+ if ((s->s_user_ns != &init_user_ns) &&
+ !(type->fs_flags & FS_USERNS_DEV_MOUNT))
+ s->s_iflags |= SB_I_NODEV;
INIT_HLIST_NODE(&s->s_instances);
INIT_HLIST_BL_HEAD(&s->s_anon);
mutex_init(&s->s_sync_lock);