Re: [RCF] [PATCH] unprivileged mount/umount

On Fri, 2005-05-13 at 02:10, Miklos Szeredi wrote:
> >  	dentry = file->f_dentry;
> >  	mnt = file->f_vfsmnt;
> >  	inode = dentry->d_inode;
> > +	if(mnt->mnt_namespace != current->namespace)
> > +		goto out_putf;
> >  
> >  	error = -ENOTDIR;
> >  	if (!S_ISDIR(inode->i_mode))
> > 
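
Review bot: the added check jumps to out_putf before `error = -ENOTDIR;` is assigned, so on a namespace mismatch the call returns whatever value error held earlier in the function, which these lines do not show. Set an explicit error code immediately before the `goto out_putf;` so the caller can tell this failure apart, and add a comment stating why a file whose mount belongs to another namespace is rejected here. On style, kernel coding style wants a space after the keyword: `if (mnt->mnt_namespace != current->namespace)`.
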
> 
> Does this actually fix the problem?  The open is done in the right
> namespace, and mount() doesn't call open().

Right, but this fix disallows fchdir into a directory belonging to
a different namespace, and hence would disallow the ability to
cross mount across namespaces.

RP

> 
> I think the right fix is something like this:
> 
> Index: linux/fs/namespace.c
> ===================================================================
> --- linux.orig/fs/namespace.c	2005-05-13 11:03:50.000000000 +0200
> +++ linux/fs/namespace.c	2005-05-13 11:05:06.000000000 +0200
> @@ -160,7 +160,7 @@ clone_mnt(struct vfsmount *old, struct d
>  		mnt->mnt_root = dget(root);
>  		mnt->mnt_mountpoint = mnt->mnt_root;
>  		mnt->mnt_parent = mnt;
> -		mnt->mnt_namespace = old->mnt_namespace;
> +		mnt->mnt_namespace = current->namespace;


>  
>  		/* stick the duplicate mount on the same expiry list
>  		 * as the original if that was on one */
> 
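
Review bot: the new `mnt->mnt_namespace = current->namespace;` makes the result of clone_mnt() depend on which task happens to call it, while the context directly below still puts the duplicate on the same expiry list as the original. After this change a clone can carry the caller's namespace and yet sit on an expiry list beside mounts from the original's namespace, so it is worth confirming that expiry handling does not assume all entries on a list share one namespace. Since the assignment is now implicit in the caller's context, either pass the target namespace in explicitly or add a comment above the assignment stating that every caller must be running in the namespace the clone is meant for.
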
> -
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to [email protected]
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
