From patchwork Sat May 16 02:11:20 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Eric W. Biederman" X-Patchwork-Id: 6418791 Return-Path: X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 9D5D99F1CC for ; Sat, 16 May 2015 02:16:15 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id A878820576 for ; Sat, 16 May 2015 02:16:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C6E3620573 for ; Sat, 16 May 2015 02:16:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2992654AbbEPCQL (ORCPT ); Fri, 15 May 2015 22:16:11 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:51559 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2992622AbbEPCQK (ORCPT ); Fri, 15 May 2015 22:16:10 -0400 Received: from in01.mta.xmission.com ([166.70.13.51]) by out03.mta.xmission.com with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1YtRe5-0000Y6-Gk; Fri, 15 May 2015 20:16:09 -0600 Received: from 67-3-205-90.omah.qwest.net ([67.3.205.90] helo=x220.int.ebiederm.org.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1YtRe4-0002va-QA; Fri, 15 May 2015 20:16:09 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Linux Containers Cc: , Linux API , "Serge E. Hallyn" , Andy Lutomirski , Richard Weinberger , Kenton Varda , Michael Kerrisk-manpages , =?utf-8?Q?St=C3=A9phane?= Graber , Eric Windisch , Greg Kroah-Hartman , Tejun Heo References: <87pp63jcca.fsf@x220.int.ebiederm.org> <87siaxuvik.fsf@x220.int.ebiederm.org> Date: Fri, 15 May 2015 21:11:20 -0500 In-Reply-To: <87siaxuvik.fsf@x220.int.ebiederm.org> (Eric W. Biederman's message of "Fri, 15 May 2015 21:05:39 -0500") Message-ID: <874mndtgon.fsf_-_@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 X-XM-AID: U2FsdGVkX1+Chr2p+llQ9zXkzRpmo7qgP2yzjFSMbNY= X-SA-Exim-Connect-IP: 67.3.205.90 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-DCC: XMission; sa07 1397; Body=2 Fuz1=2 Fuz2=2 X-Spam-Combo: ***;Linux Containers X-Spam-Relay-Country: X-Spam-Timing: total 285 ms - load_scoreonly_sql: 0.06 (0.0%), signal_user_changed: 3.9 (1.4%), b_tie_ro: 2.9 (1.0%), parse: 1.00 (0.4%), extract_message_metadata: 15 (5.3%), get_uri_detail_list: 1.64 (0.6%), tests_pri_-1000: 7 (2.4%), tests_pri_-950: 1.44 (0.5%), tests_pri_-900: 1.19 (0.4%), tests_pri_-400: 25 (8.6%), check_bayes: 23 (8.1%), b_tokenize: 7 (2.4%), b_tok_get_all: 8 (2.8%), b_comp_prob: 2.1 (0.7%), b_tok_touch_all: 3.0 (1.0%), b_finish: 0.99 (0.3%), tests_pri_0: 219 (76.6%), tests_pri_500: 7 (2.6%), rewrite_mail: 0.00 (0.0%) Subject: [CFT][PATCH 10/10] mnt: Update fs_fully_visible to test for permanently empty directories X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP fs_fully_visible attempts to make fresh mounts of proc and sysfs give the mounter no more access to proc and sysfs than if they could have by creating a bind mount. One aspect of proc and sysfs that makes this particularly tricky is that there are other filesystems that typically mount on top of proc and sysfs. As those filesystems are mounted on empty directories in practice it is safe to ignore them. However testing to ensure filesystems are mounted on empty directories has not been something the in kernel data structures have supported so the current test for an empty directory which checks to see if nlink <= 2 is a bit lacking. proc and sysfs have recently been modified to use the new empty_dir infrastructure to create all of their dedicated mount points. Instead of testing for S_ISDIR(inode->i_mode) && i_nlink <= 2 to see if a directory is empty, test for is_empty_dir_inode(inode). That small change guaranteess mounts found on proc and sysfs really are safe to ignore, because the directories are not only empty but nothing can ever be added to them. This guarantees there is nothing to worry about when mounting proc and sysfs. Cc: stable@vger.kernel.org Signed-off-by: "Eric W. Biederman" --- fs/namespace.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 3ede0669b8d2..eccd925c6e82 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -3220,9 +3220,8 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags) /* Only worry about locked mounts */ if (!(mnt->mnt.mnt_flags & MNT_LOCKED)) continue; - if (!S_ISDIR(inode->i_mode)) - goto next; - if (inode->i_nlink > 2) + /* Is the directory permanetly empty? */ + if (!is_empty_dir_inode(inode)) goto next; } /* Preserve the locked attributes */