Message ID | 1461699046-30485-3-git-send-email-seth.forshee@canonical.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> X-Original-To: patchwork-selinux@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id E0B68BF29F for <patchwork-selinux@patchwork.kernel.org>; Tue, 26 Apr 2016 19:38:38 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 404DA2014A for <patchwork-selinux@patchwork.kernel.org>; Tue, 26 Apr 2016 19:38:38 +0000 (UTC) Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2D2F020166 for <patchwork-selinux@patchwork.kernel.org>; Tue, 26 Apr 2016 19:38:37 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.24,537,1454976000"; d="scan'208";a="15642605" IronPort-PHdr: =?us-ascii?q?9a23=3A+q0lURIVVIQzeWLXaNmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgVKfjxwZ3uMQTl6Ol3ixeRBMOAu6IC1Lud6vu4EUU7or+/81k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i760zceF13FOBZv?= =?us-ascii?q?IaytQ8iJ35TxiLH5osaLKyxzxxODIppKZC2sqgvQssREyaBDEY0WjiXzn31TZu?= =?us-ascii?q?5NznlpL1/A1zz158O34YIxu38I46Fp34d6XK77Z6U1S6BDRHRjajhtpZ6jiR6W?= =?us-ascii?q?ByaV53BUbSNeuBtFDwXf6Rj8FN+lvyH7u+ZwwiyyLcj3Vqs1XjLk5KBuHlugoS?= =?us-ascii?q?MKJzc//GzNwvJxlqUT9AygvRtX0YPSYZ/TMPt4Y7ObeskVA3dCCJV/TStEV7ix?= =?us-ascii?q?c4tHIe0bJuZVosGpvFYSrV2wAhO3BO7i4jRBgHjw3KYz16IqFgSQj19oJM4HrH?= =?us-ascii?q?mB9Ia9D6wVS+3gifCQlTg=3D?= X-IPAS-Result: =?us-ascii?q?A2EFBQBXwx9X/wHyM5BeHAGDG4FQtVWGHyKHOkwBAQEBAQE?= =?us-ascii?q?CAmIngi2CFQEBBAECJBMUIAsDAwkBARcpCAgDASgFFREGAQcLBRgEiAnEOgELA?= =?us-ascii?q?R2GIYhaEQGFdAWOSIlIgVWMRIlPhUBFjmtigjaBU06HeYE1AQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2016 19:38:15 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3QJcFPE012054; Tue, 26 Apr 2016 15:38:15 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u3QJUpXJ172204 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Tue, 26 Apr 2016 15:30:51 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3QJUoHH010214 for <selinux@tycho.nsa.gov>; Tue, 26 Apr 2016 15:30:50 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BABQAQwR9X/yUp0ApeHYMbgVCCc7JkghmLYkwBAQEBAQFmJ4RCAQUnUhAISSwrBgESiCrEZ4YhjmAFjkiJSIFVjESJT4VARY5rYoE2AX+BUx4wiS4BAQE X-IPAS-Result: A0BABQAQwR9X/yUp0ApeHYMbgVCCc7JkghmLYkwBAQEBAQFmJ4RCAQUnUhAISSwrBgESiCrEZ4YhjmAFjkiJSIFVjESJT4VARY5rYoE2AX+BUx4wiS4BAQE X-IronPort-AV: E=Sophos;i="5.24,537,1454994000"; d="scan'208";a="5410350" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 26 Apr 2016 15:30:50 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AFhOkdRSzpggZKG1GVDVkrlmrotpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa65ZxCN2/xhgRfzUJnB7Loc0qyN4/CmBj1LuM3Z+Fk5M7VyFDY9wf?= =?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?= =?us-ascii?q?K6zPF5LIiIzvjqbpq82VPFQD3WHlKZpJbzyI7izp/vEMhoVjLqtjgjDomVBvP9?= =?us-ascii?q?ps+GVzOFiIlAz97MrjtLRq8iBXpu5zv5UYCfayV+0CQLdZFDUrNXwurI2u7EGb?= =?us-ascii?q?DFjH2nxJGEgMkxEAPE6NxhD3UprrtyL8/KIp1SObMMH7V7UcSTGj9LxqTxmugy?= =?us-ascii?q?ACYXpx2WXamsV2gK9B6CygvRs3l5DVeoa9Jvd4f72bedIcWHoHWdxeETFCVNCS?= =?us-ascii?q?dYwKWtEMIeYQgY7nvFsDoFPqHgSwBKXhzSVThnL79aYz1eMnEArP2EorGNdY4y?= =?us-ascii?q?ecl8n8KKpHCbP996LP1ziWKqoOgTo=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FPBQDdwB9X/3/oP4heHYMbgVCCc7Jkg?= =?us-ascii?q?hmLYkwBAQEBAQECAmIngi2CFQEFJ1IQCBA5LCsGARKIKsRnhiGOYAWOSIlIgVW?= =?us-ascii?q?MRIlPhUBFjmtigTYBf4FTHjCJLgEBAQ?= X-IPAS-Result: =?us-ascii?q?A0FPBQDdwB9X/3/oP4heHYMbgVCCc7JkghmLYkwBAQEBAQE?= =?us-ascii?q?CAmIngi2CFQEFJ1IQCBA5LCsGARKIKsRnhiGOYAWOSIlIgVWMRIlPhUBFjmtig?= =?us-ascii?q?TYBf4FTHjCJLgEBAQ?= X-IronPort-AV: E=Sophos;i="5.24,537,1454976000"; d="scan'208";a="15642328" Received: from unknown (HELO ubuntu-hedt) ([136.63.232.127]) by emsm-gh1-uea11.nsa.gov with ESMTP; 26 Apr 2016 19:30:49 +0000 Received: by ubuntu-hedt (Postfix, from userid 1000) id 451FB302386; Tue, 26 Apr 2016 14:30:48 -0500 (CDT) From: Seth Forshee <seth.forshee@canonical.com> To: "Eric W. Biederman" <ebiederm@xmission.com>, Alexander Viro <viro@zeniv.linux.org.uk> Subject: [PATCH v4 02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() Date: Tue, 26 Apr 2016 14:30:25 -0500 Message-Id: <1461699046-30485-3-git-send-email-seth.forshee@canonical.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1461699046-30485-1-git-send-email-seth.forshee@canonical.com> References: <1461699046-30485-1-git-send-email-seth.forshee@canonical.com> X-Mailman-Approved-At: Tue, 26 Apr 2016 15:34:29 -0400 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> Cc: linux-bcache@vger.kernel.org, Serge Hallyn <serge.hallyn@canonical.com>, Seth Forshee <seth.forshee@canonical.com>, dm-devel@redhat.com, Miklos Szeredi <mszeredi@redhat.com>, Richard Weinberger <richard.weinberger@gmail.com>, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, fuse-devel@lists.sourceforge.net, Austin S Hemmelgarn <ahferroin7@gmail.com>, linux-mtd@lists.infradead.org, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org, Pavel Tikhomirov <ptikhomirov@virtuozzo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP |
diff --git a/fs/namespace.c b/fs/namespace.c index f20c82f91ecb..c133318bec35 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -3234,8 +3234,7 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags) mnt_flags = mnt->mnt.mnt_flags; if (mnt->mnt.mnt_sb->s_iflags & SB_I_NOEXEC) mnt_flags &= ~(MNT_LOCK_NOSUID | MNT_LOCK_NOEXEC); - if (mnt->mnt.mnt_sb->s_user_ns != &init_user_ns && - !(mnt->mnt.mnt_sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) + if (!(mnt->mnt.mnt_sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) mnt_flags &= ~(MNT_LOCK_NODEV); /* Verify the mount flags are equal to or more permissive
fs_fully_visible() ignores MNT_LOCK_NODEV when FS_USERS_DEV_MOUNT is not set for the filesystem, but there is a bug in the logic that may cause mounting to fail. It is doing this only when the existing mount is not in init_user_ns but should check the new mount instead. But the new mount is always in a non-init namespace when fs_fully_visible() is called, so that condition can simply be removed. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> --- fs/namespace.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)