diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2013-02-23 04:49:10 +0100 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2013-02-23 05:31:31 +0100 |
commit | 57eccb830f1cc93d4b506ba306d8dfa685e0c88f (patch) | |
tree | d3e2ad5e5b0df0907f93a381a68f92128d627088 /fs | |
parent | get rid of unprotected dereferencing of mnt->mnt_ns (diff) | |
download | linux-57eccb830f1cc93d4b506ba306d8dfa685e0c88f.tar.xz linux-57eccb830f1cc93d4b506ba306d8dfa685e0c88f.zip |
mount: consolidate permission checks
... and ask for global CAP_SYS_ADMIN only for superblock-level remounts
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/namespace.c | 40 |
1 files changed, 7 insertions, 33 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index edac42c6eff2..269919fa116d 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1300,24 +1300,6 @@ SYSCALL_DEFINE1(oldumount, char __user *, name) #endif -static int mount_is_safe(struct path *path) -{ - if (may_mount()) - return 0; - return -EPERM; -#ifdef notyet - if (S_ISLNK(path->dentry->d_inode->i_mode)) - return -EPERM; - if (path->dentry->d_inode->i_mode & S_ISVTX) { - if (current_uid() != path->dentry->d_inode->i_uid) - return -EPERM; - } - if (inode_permission(path->dentry->d_inode, MAY_WRITE)) - return -EPERM; - return 0; -#endif -} - static bool mnt_ns_loop(struct path *path) { /* Could bind mounting the mount namespace inode cause a @@ -1640,9 +1622,6 @@ static int do_change_type(struct path *path, int flag) int type; int err = 0; - if (!may_mount()) - return -EPERM; - if (path->dentry != path->mnt->mnt_root) return -EINVAL; @@ -1676,9 +1655,7 @@ static int do_loopback(struct path *path, const char *old_name, LIST_HEAD(umount_list); struct path old_path; struct mount *mnt = NULL, *old; - int err = mount_is_safe(path); - if (err) - return err; + int err; if (!old_name || !*old_name) return -EINVAL; err = kern_path(old_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path); @@ -1755,9 +1732,6 @@ static int do_remount(struct path *path, int flags, int mnt_flags, struct super_block *sb = path->mnt->mnt_sb; struct mount *mnt = real_mount(path->mnt); - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - if (!check_mnt(mnt)) return -EINVAL; @@ -1771,6 +1745,8 @@ static int do_remount(struct path *path, int flags, int mnt_flags, down_write(&sb->s_umount); if (flags & MS_BIND) err = change_mount_flags(path->mnt, flags); + else if (!capable(CAP_SYS_ADMIN)) + err = -EPERM; else err = do_remount_sb(sb, flags, data, 0); if (!err) { @@ -1803,9 +1779,7 @@ static int do_move_mount(struct path *path, const char *old_name) struct path old_path, parent_path; struct mount *p; struct mount *old; - int err = 0; - if (!may_mount()) - return -EPERM; + int err; if (!old_name || !*old_name) return -EINVAL; err = kern_path(old_name, LOOKUP_FOLLOW, &old_path); @@ -1947,9 +1921,6 @@ static int do_new_mount(struct path *path, const char *fstype, int flags, if (!fstype) return -EINVAL; - if (!may_mount()) - return -EPERM; - type = get_fs_type(fstype); if (!type) return -ENODEV; @@ -2263,6 +2234,9 @@ long do_mount(const char *dev_name, const char *dir_name, if (retval) goto dput_out; + if (!may_mount()) + return -EPERM; + /* Default to relatime unless overriden */ if (!(flags & MS_NOATIME)) mnt_flags |= MNT_RELATIME; |