提交 feb8ae43 编写于 作者: A Al Viro

start massaging the checks in sget_...(): move to sget_userns()

there are 3 remaining callers of sget_userns() - sget(), mount_ns()
and mount_pseudo_xattr().  Extra check in sget() is conditional
upon mount being neither KERNMOUNT nor SUBMOUNT, the identical one
in mount_ns() - upon being not KERNMOUNT; mount_pseudo_xattr()
has no such checks at all.

However, mount_ns() is never used with SUBMOUNT and mount_pseudo_xattr()
is used only for KERNMOUNT, so both would be fine with the same logics
as currently done in sget(), allowing to consolidate the entire thing
in sget_userns() itself.

That's not where these checks will end up in the long run, though -
the whole reason why they'd been done so deep in the bowels of
mount(2) was that there had been no way for a filesystem to specify
which userns to look at until it has entered ->mount().

Now there is a place where filesystem could override the defaults -
->init_fs_context().  Which allows to pull the checks out into
the callers of vfs_get_tree().  That'll take quite a bit of
massage, but that mess is possible to tease apart.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
上级 f7a99451
...@@ -583,6 +583,10 @@ struct super_block *sget_userns(struct file_system_type *type, ...@@ -583,6 +583,10 @@ struct super_block *sget_userns(struct file_system_type *type,
struct super_block *old; struct super_block *old;
int err; int err;
/* Ensure the requestor has permissions over the target filesystem */
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) && !ns_capable(user_ns, CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) && if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) &&
!(type->fs_flags & FS_USERNS_MOUNT) && !(type->fs_flags & FS_USERNS_MOUNT) &&
!capable(CAP_SYS_ADMIN)) !capable(CAP_SYS_ADMIN))
...@@ -653,10 +657,6 @@ struct super_block *sget(struct file_system_type *type, ...@@ -653,10 +657,6 @@ struct super_block *sget(struct file_system_type *type,
if (flags & SB_SUBMOUNT) if (flags & SB_SUBMOUNT)
user_ns = &init_user_ns; user_ns = &init_user_ns;
/* Ensure the requestor has permissions over the target filesystem */
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) && !ns_capable(user_ns, CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
return sget_userns(type, test, set, flags, user_ns, data); return sget_userns(type, test, set, flags, user_ns, data);
} }
...@@ -1164,12 +1164,6 @@ struct dentry *mount_ns(struct file_system_type *fs_type, ...@@ -1164,12 +1164,6 @@ struct dentry *mount_ns(struct file_system_type *fs_type,
{ {
struct super_block *sb; struct super_block *sb;
/* Don't allow mounting unless the caller has CAP_SYS_ADMIN
* over the namespace.
*/
if (!(flags & SB_KERNMOUNT) && !ns_capable(user_ns, CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
sb = sget_userns(fs_type, ns_test_super, ns_set_super, flags, sb = sget_userns(fs_type, ns_test_super, ns_set_super, flags,
user_ns, ns); user_ns, ns);
if (IS_ERR(sb)) if (IS_ERR(sb))
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册